Re: [Netrqmts] IETF 105 Minutes

Toerless Eckert <tte@cs.fau.de> Tue, 30 July 2019 22:58 UTC

Date: Wed, 31 Jul 2019 00:58:43 +0200
From: Toerless Eckert <tte@cs.fau.de>
To: Michael Richardson <mcr+ietf@sandelman.ca>
Cc: netrqmts@ietf.org

On Tue, Jul 30, 2019 at 06:42:24PM -0400, Michael Richardson wrote:
> 
> Toerless Eckert <tte@cs.fau.de> wrote:
>     >> A $22 home router fixes that problem.
> 
>     > Sure, but why would I have to bring my own WiFi<->WiFi home router to
>     > the IETF to give me that function for the company notebook.
> 
> Laptops are regularly attacked at the Coffee Shop from BEHIND the NAT44
> "firewall".  No firewall the IETF provides will solve that.

That is IMHO today an untypical and recognizable bad hotspot setup.

> Ask your company IT guy why they gave you an insecure laptop for travel.
> So seriously, go ask them.  NOT AN IETF PROBLEM.

Providing access that is less secured than what users can normally
expect at work/hotspots/home is an explicit IETF choice, and I am
questioning why people would think it's a good idea to only provide that
choice.

> Better yet, bring your company IT guy to IETF, so that they learn what it's
> like to be connected to the actual Internet. As you say, most have never been online.

Nobody connects endpoints to the actual Internet without firewalls in between.

Yes, a good travel notebook should have that firewall built-in. Many may
be good. Windows probably a lot better than Linux. But it's a kind of
strange policy to provide such an uncommon type of access without
communicating it clearly to the whole community and understanding their
preferences.

>     > I guess the best thing i could think of would be to have a BCP RFC for
>     > how hotels should build out their network infrastructure to be best
>     > prepared for conferences/workshops etc. This could easily proliferate
> 
> It's a great idea, and I sure wish it would occur.
> 
> To be effective, the hotel chains would need to solicit this document, and
> pay a significant figure for the consulting.  Otherwise, they will ignore it.

If a lot of conferences would refer to it, the hotels would not ignore
it. Otherwise we might worst case support the business model of useless
consultants reading our doc, and recommending its points for a lot of
money to hotels.

But yes, it's work, so the question is whether there is enough critical
mass to write it.

> capport WG has been struggling for attention of the same types.

I think that's a fundamentally different problem space.

To automate the captive portal problem, you need to be able to tie every
IoT device's authentication to some poor human, who forcefully has to absorb the
advertisement of the portal and bear legal responsibility requested by
the portal. So pretty much you need a mobile phone app and cloud broker
where IoT device manufacturers can hire middle school kids that will then
continuously watch advertisement clips from those portal operators and
whose parents will pay the bail when the kid has to go to jail for
something the IoT device did wrong.

Or else the business model of the captive portal has to change.

Cheers
    toerless
-- 
---
tte@cs.fau.de