Re: [OPSAWG] leaf device network configuration format (was draft-winter-opsawg-eap-metadata)

Alan DeKok <aland@deployingradius.com> Mon, 21 March 2016 19:03 UTC

From: Alan DeKok <aland@deployingradius.com>
In-Reply-To: <56EA99C6.2080600@restena.lu>
Date: Mon, 21 Mar 2016 15:02:00 -0400
Message-Id: <2764C5A6-F563-4E79-A702-C9A0C06DB932@deployingradius.com>
References: <56EA99C6.2080600@restena.lu>
To: Winter Stefan <stefan.winter@restena.lu>
Archived-At: <http://mailarchive.ietf.org/arch/msg/opsawg/CtZhSWhwKHgks_iH6HjwL1KQGlY>
Cc: IETF OPSAWG <opsawg@ietf.org>, IETF OPSEC <opsec@ietf.org>
Subject: Re: [OPSAWG] leaf device network configuration format (was draft-winter-opsawg-eap-metadata)

On Mar 17, 2016, at 7:49 AM, Stefan Winter <stefan.winter@restena.lu> wrote:
> In a nutshell: end users get EAP configuration wrong because it's too
> complex, and as a result they are vulnerable to many badnesses out there
> in the Wi-Fi world. A common config format would settle all the complex
> pieces automatically for them, and make the internet a safer place for them.

  I'll have a short presentation at the end of RADEXT which addresses this problem directly.  It also shows how easy it is for bad actors to confuse naive users.

  I'll post a link to the presentation here when it's ready.

  In short, there is no practical way to onboard users securely via the method of "connect to an SSID, and click through the prompts".  The configuration MUST be provided to the user signed, and/or via an out of band method.

  Alan DeKok.
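The last point of the message, that a profile is only safe to apply if it arrives signed (or out of band) and pins the server the supplicant must talk to, illustrated with an added example. This code is not from the thread or from any of the drafts it discusses. It assumes a hypothetical minimal profile format (SSID, EAP method, CA fingerprint, server name, outer identity), an Ed25519 provisioning key whose public half reached the device out of band (for example inside an onboarding app), and a constructed placeholder fingerprint; none of these is specified on the page.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
)

// Profile is a hypothetical, deliberately minimal leaf-device EAP profile
// (an assumption for this example, not the draft's format). The CA and the
// server name are pinned so the supplicant never has to ask the user
// "do you trust this certificate?", which is the prompt attackers exploit.
type Profile struct {
	SSID          string `json:"ssid"`
	EAPMethod     string `json:"eap_method"`         // e.g. "PEAP", "TTLS", "TLS"
	CAFingerprint string `json:"ca_sha256"`          // hex SHA-256 over the trusted CA cert (DER)
	ServerName    string `json:"server_name"`        // name the RADIUS server cert must present
	OuterIdentity string `json:"anonymous_identity"` // outer identity, e.g. "anonymous@example.edu"
}

// SignedProfile is what the provisioning service delivers: the exact bytes
// that were signed, the Ed25519 signature, and the id of the signing key.
type SignedProfile struct {
	KeyID     string `json:"key_id"`
	Payload   []byte `json:"payload"`
	Signature []byte `json:"signature"`
}

// TrustStore maps key ids to public keys the device obtained out of band,
// never from anything learned over the SSID being configured.
type TrustStore map[string]ed25519.PublicKey

// Signer is the provisioning service's key pair, generated here for the demo
// (a real deployment keeps the private half offline or HSM-backed).
type Signer struct {
	KeyID string
	pub   ed25519.PublicKey
	priv  ed25519.PrivateKey
}

func NewSigner(keyID string) (*Signer, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Signer{KeyID: keyID, pub: pub, priv: priv}, nil
}

// TrustOnly returns a trust store containing just this signer's public key.
func (s *Signer) TrustOnly() TrustStore { return TrustStore{s.KeyID: s.pub} }

// Sign serialises the profile and signs those bytes; the device verifies the
// very same bytes, so there is no canonicalisation step to get wrong.
func (s *Signer) Sign(p Profile) (SignedProfile, error) {
	payload, err := json.Marshal(p)
	if err != nil {
		return SignedProfile{}, err
	}
	return SignedProfile{KeyID: s.KeyID, Payload: payload, Signature: ed25519.Sign(s.priv, payload)}, nil
}

var (
	ErrUnknownKey   = errors.New("profile signed by a key this device does not trust")
	ErrBadSignature = errors.New("signature does not verify over the payload")
	ErrUnpinned     = errors.New("profile does not pin the server CA and server name")
)

// VerifyAndParse is the device-side check. Order matters: verify the signature
// before parsing (no parser exposure to unauthenticated input), then apply
// policy so that a correctly signed but unpinned profile is still refused.
func VerifyAndParse(sp SignedProfile, trusted TrustStore) (Profile, error) {
	pub, ok := trusted[sp.KeyID]
	if !ok {
		return Profile{}, ErrUnknownKey
	}
	if !ed25519.Verify(pub, sp.Payload, sp.Signature) {
		return Profile{}, ErrBadSignature
	}
	var p Profile
	if err := json.Unmarshal(sp.Payload, &p); err != nil {
		return Profile{}, fmt.Errorf("malformed profile payload: %w", err)
	}
	fp, err := hex.DecodeString(p.CAFingerprint)
	if err != nil || len(fp) != 32 || p.ServerName == "" {
		return Profile{}, ErrUnpinned
	}
	return p, nil
}

// SampleProfile is a constructed profile; the fingerprint is a placeholder.
func SampleProfile() Profile {
	return Profile{
		SSID: "eduroam", EAPMethod: "PEAP", ServerName: "radius.example.edu",
		CAFingerprint: "3f0c3f0c3f0c3f0c3f0c3f0c3f0c3f0c3f0c3f0c3f0c3f0c3f0c3f0c3f0c3f0c",
		OuterIdentity: "anonymous@example.edu",
	}
}

func main() {
	signer, err := NewSigner("provisioning-key-1")
	if err != nil {
		panic(err)
	}
	trusted := signer.TrustOnly()
	sp, _ := signer.Sign(SampleProfile())
	if p, err := VerifyAndParse(sp, trusted); err == nil {
		fmt.Printf("accepted: %s via %s, server %s\n", p.SSID, p.EAPMethod, p.ServerName)
	}
	// Editing the delivered profile (say, to point at an attacker's CA) breaks the signature.
	tampered := sp
	tampered.Payload = append([]byte(nil), sp.Payload...)
	tampered.Payload[len(tampered.Payload)-1] ^= 0x01
	_, err = VerifyAndParse(tampered, trusted)
	fmt.Println("tampered payload:", err)
}
```

The trust store is the out-of-band part: if the device could only learn the provisioning key from the network it is about to join, a rogue access point could supply both the profile and the key that signs it, and the check would prove nothing.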