Re: [perpass] perpass: what next?
Stefan Winter <stefan.winter@restena.lu> Thu, 09 July 2015 07:45 UTC
Return-Path: <stefan.winter@restena.lu>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 41CDE1AC43D for <perpass@ietfa.amsl.com>; Thu, 9 Jul 2015 00:45:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.909
X-Spam-Level:
X-Spam-Status: No, score=-1.909 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, T_RP_MATCHES_RCVD=-0.01, WEIRD_PORT=0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OjBQAvHBMhYe for <perpass@ietfa.amsl.com>; Thu, 9 Jul 2015 00:45:17 -0700 (PDT)
Received: from smtprelay.restena.lu (smtprelay.restena.lu [IPv6:2001:a18:1::62]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 982531AC44D for <perpass@ietf.org>; Thu, 9 Jul 2015 00:45:17 -0700 (PDT)
Received: from aragorn.restena.lu (aragorn.restena.lu [IPv6:2001:a18:1:8::155]) by smtprelay.restena.lu (Postfix) with ESMTPS id 720F843976; Thu, 9 Jul 2015 09:45:16 +0200 (CEST)
Message-ID: <559E268C.60306@restena.lu>
Date: Thu, 09 Jul 2015 09:45:16 +0200
From: Stefan Winter <stefan.winter@restena.lu>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.7.0
MIME-Version: 1.0
To: Michael Richardson <mcr+ietf@sandelman.ca>
References: <5530EEAB.5050601@cs.tcd.ie> <25042.1429279352@sandelman.ca> <5541D7DD.9010504@restena.lu> <30883.1430401937@sandelman.ca>
In-Reply-To: <30883.1430401937@sandelman.ca>
OpenPGP: id=AD3091F3AB24E05F4F722C03C0DE6A358A39DC66; url=http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="NWLDNKLl1qHL9TRR0T9HptEUjiHWFlQdO"
Archived-At: <http://mailarchive.ietf.org/arch/msg/perpass/2oGgjuzis_P8x_JsqJc3iS04lig>
Cc: perpass@ietf.org
Subject: Re: [perpass] perpass: what next?
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/perpass/>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 09 Jul 2015 07:45:19 -0000
Hello, > Would there be value to deploy this at IETF meeting networks? There was a very long and for me depessing thread on this question; once on attendees of a meeting where I reached out to get 1X security done; once on ietf@ietf.org (thread starting 27 April 2014 "Security for the IETF wireless network"). It seems like the use case at IETF meetings is so different from normal corporate use that attendees don't see significant enough value in security the 1X network properly. The story goes like this... Since the network uses username+password =="ietf/ietf" there is no risk to leak personal credentials. So there is no need to authenticate the network to the user. My argument that users could fall into a rogue 1X evil clone if they don't get provisioned proper security settings was waved away with statements such as that nobody should trust the network anyway, and that the situation is no different on the open ietf network. Needless to say that I was extremely unhappy with that way of thinking, but at some point I gave up (I considered to set up an evil twin myself, but don't want to be overly nasty). It's like... everybody should eat our dogfood, except ourselves. :-( Stefan -- Stefan WINTER Ingenieur de Recherche Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche 6, rue Richard Coudenhove-Kalergi L-1359 Luxembourg Tel: +352 424409 1 Fax: +352 422473 PGP key updated to 4096 Bit RSA - I will encrypt all mails if the recipient's key is known to me http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66
- Re: [perpass] perpass: what next? John Levine
- [perpass] perpass: what next? Stephen Farrell
- Re: [perpass] perpass: what next? Michael Richardson
- Re: [perpass] perpass: what next? Mike Liebhold
- Re: [perpass] perpass: what next? Watson Ladd
- Re: [perpass] perpass: what next? Stephen Farrell
- Re: [perpass] perpass: what next? Tim Bray
- Re: [perpass] perpass: what next? Adam Caudill
- Re: [perpass] perpass: what next? Paul Wouters
- Re: [perpass] perpass: what next? carlo von lynX
- Re: [perpass] perpass: what next? Mike Liebhold
- Re: [perpass] perpass: what next? Watson Ladd
- Re: [perpass] perpass: what next? carlo von lynX
- Re: [perpass] perpass: what next? Joseph Lorenzo Hall
- Re: [perpass] perpass: what next? Christian Huitema
- Re: [perpass] perpass: what next? Stefan Winter
- Re: [perpass] perpass: what next? Michael Richardson
- Re: [perpass] perpass: what next? Ted Lemon
- Re: [perpass] perpass: what next? Mike Liebhold
- Re: [perpass] perpass: what next? Stefan Winter
- Re: [perpass] perpass: what next? Stefan Winter
- Re: [perpass] perpass: what next? Stephen Farrell
- Re: [perpass] perpass: what next? Kathleen Moriarty