Re: How to get onto the IETF authenticated LAN?

Yoav Nir <ynir@checkpoint.com> Wed, 28 July 2010 07:43 UTC

From: Yoav Nir <ynir@checkpoint.com>
To: Phillip Hallam-Baker <hallam@gmail.com>
Date: Wed, 28 Jul 2010 10:44:04 +0300
Subject: Re: How to get onto the IETF authenticated LAN?
Thread-Topic: How to get onto the IETF authenticated LAN?
Message-ID: <4141D6E7-6354-484A-82B5-3318DA96D6B3@checkpoint.com>
References: <AANLkTimjJ4myRE_hQ3BDcqt_wD4FYR6K_BoaUsftqoBG@mail.gmail.com>
In-Reply-To: <AANLkTimjJ4myRE_hQ3BDcqt_wD4FYR6K_BoaUsftqoBG@mail.gmail.com>
Cc: IETF Discussion Mailing List <ietf@ietf.org>

But we have...

On Jul 27, 2010, at 5:08 PM, Phillip Hallam-Baker wrote:

> The endpoints used in these protocols all have the ability to perform
> public key cryptography at acceptable speeds. Even if they did not,
> the price of 64Mb of flash memory is negligible these days and that is
> sufficient to store more than enough keys to maintain tens of
> thousands of session keys in the access point.

Agree.

> We have the resources and the technology to do the job right. Why do
> we keep doing half measures that we know are wrong?

Because this is layer-2 stuff that should be in IEEE.

> I know this particular issue is an IEEE funeral, but isn't there a
> point where others decide to take responsibility?

We did. The IETF answer would be to "just use IPsec". It's fine to use the wifi with broken or missing security, as long as you're securing your traffic end-2-end.

You might want to look at http://tools.ietf.org/html/draft-laganier-ike-ipv6-cga-02 , which may allow you to do the IPsec with very little pre-configuring.