Re: Hotel networks (Was Re: Security for the IETF wireless network)
Stefan Winter <stefan.winter@restena.lu> Sat, 26 July 2014 10:33 UTC
Return-Path: <stefan.winter@restena.lu>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 650D51A0AB7 for <ietf@ietfa.amsl.com>; Sat, 26 Jul 2014 03:33:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FXOwHw_eBK8S for <ietf@ietfa.amsl.com>; Sat, 26 Jul 2014 03:33:41 -0700 (PDT)
Received: from smtp.restena.lu (legolas.restena.lu [IPv6:2001:a18:1::34]) by ietfa.amsl.com (Postfix) with ESMTP id 2521A1A0141 for <ietf@ietf.org>; Sat, 26 Jul 2014 03:33:40 -0700 (PDT)
Received: from smtp.restena.lu (localhost [127.0.0.1]) by smtp.restena.lu (Postfix) with ESMTP id 313C0F1075; Sat, 26 Jul 2014 12:33:40 +0200 (CEST)
Received: from viper.local (unknown [158.64.15.196]) by smtp.restena.lu (Postfix) with ESMTPSA id BB7CA9DD29; Sat, 26 Jul 2014 12:33:39 +0200 (CEST)
Message-ID: <53D38402.5040407@restena.lu>
Date: Sat, 26 Jul 2014 12:33:38 +0200
From: Stefan Winter <stefan.winter@restena.lu>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:24.0) Gecko/20100101 Thunderbird/24.6.0
MIME-Version: 1.0
To: Randall Gellens <randy@qti.qualcomm.com>, ietf@ietf.org
Subject: Re: Hotel networks (Was Re: Security for the IETF wireless network)
References: <0FE63216-9BE8-450F-80FB-D1DB6166DFEF@ietf.org> <CFF7BBD1.28A2F%wesley.george@twcable.com> <8B1DA3E3-F195-4CBC-B565-85CAFC31CB1B@shinkuro.com> <3708BC187C6387C727398CBB@JCK-EEE10> <53D25E42.1010903@bogus.com> <4ECAD61D-C3CE-4A6E-B4DE-F3A57EA6601A@shinkuro.com> <CAKr6gn0igB_JwZkkJkTMttQF5+Vuyyimnm3q6mrVh_WrpvOFFw@mail.gmail.com> <53D26553.60200@restena.lu> <p06240612cff85f60303b@[192.168.6.56]>
In-Reply-To: <p06240612cff85f60303b@[192.168.6.56]>
X-Enigmail-Version: 1.6
OpenPGP: id=8A39DC66
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="W7JdSuepp9H48gAmF8HE1hcbiUEI5VDaB"
X-Virus-Scanned: ClamAV
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/zFpF-9PRFAokfxgkAeJY2L3dJiQ
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 26 Jul 2014 10:33:43 -0000
Hi, >> Assuming you didn't (because NOC doesn't tell us what to expect), >> how do >> you know you connected to the IETF network, and not some evil twin who >> is able to spell "ietf-1x" correctly in his AP config dialog? > > Would connecting to this evil twin network be worse than connecting to > the plain ietf network, perhaps also operated by an evil twin? Those two choices are equally bad indeed. The point is that we can do much better, with a few simple steps. And the IETF network has already gone 90% of the way by enabling 1X with RADIUS server etc. At that point, *not* going the few last steps doesn't make much sense. You don't stop running a marathon one mile before the end, just because "25 miles is pretty good, I don't need the rest". Or do you? Thinking about it, maybe the 1X network evil twin is worse than a plain open network even: when connecting to an open network, people (probably and rightfully) don't assume any confidence in the network they connect to. The 1X "enterprise security" label alone can easily make people think that it is more secure against all kinds of attacks and be more relaxed in their surfing/usage habits - while it's not, unless you take all the right steps. Greetings, Stefan Winter
- Re: Security for the IETF wireless network Brian E Carpenter
- Re: Security for the IETF wireless network Stefan Winter
- Re: Security for the IETF wireless network George, Wes
- Re: Security for the IETF wireless network George, Wes
- Hotel networks (Was Re: Security for the IETF wir… Steve Crocker
- Re: Security for the IETF wireless network joel jaeggli
- Re: [90all] Security for the IETF wireless network Randall Gellens
- Re: Security for the IETF wireless network Stefan Winter
- Re: Security for the IETF wireless network Tim Wicinski
- Re: [90all] Security for the IETF wireless network Randy Bush
- Re: Hotel networks (Was Re: Security for the IETF… John C Klensin
- Re: Hotel networks (Was Re: Security for the IETF… Steve Crocker
- Re: Hotel networks (Was Re: Security for the IETF… joel jaeggli
- Re: Hotel networks (Was Re: Security for the IETF… Steve Crocker
- Re: Hotel networks (Was Re: Security for the IETF… George Michaelson
- Re: Hotel networks (Was Re: Security for the IETF… John C Klensin
- Re: Hotel networks (Was Re: Security for the IETF… Stefan Winter
- Re: Security for the IETF wireless network Bill Fenner
- Re: Security for the IETF wireless network George Michaelson
- Re: Security for the IETF wireless network Stefan Winter
- Re: Security for the IETF wireless network Brian E Carpenter
- Re: Security for the IETF wireless network Bill Fenner
- Re: Security for the IETF wireless network Bill Fenner
- Re: Security for the IETF wireless network John Levine
- Re: Security for the IETF wireless network Stefan Winter
- Re: Security for the IETF wireless network Stefan Winter
- Re: Hotel networks (Was Re: Security for the IETF… Samuel Weiler
- Re: Hotel networks (Was Re: Security for the IETF… Randall Gellens
- Re: Hotel networks (Was Re: Security for the IETF… Randall Gellens
- Re: Hotel networks (Was Re: Security for the IETF… Niels Dettenbach (Syndicat IT&Internet)
- Re: Hotel networks (Was Re: Security for the IETF… Stefan Winter
- Re: Hotel networks (Was Re: Security for the IETF… Randall Gellens
- Re: Hotel networks (Was Re: Security for the IETF… Randall Gellens
- Re: Hotel networks (Was Re: Security for the IETF… Melinda Shore
- Re: Security for the IETF wireless network Michael Richardson