Re: [proxies] Review of draft-hoeper-proxythreat-01.txt (Part 1)
Alan DeKok <aland@deployingradius.com> Mon, 17 November 2008 14:45 UTC
Date: Mon, 17 Nov 2008 13:44:08 +0100
From: Alan DeKok <aland@deployingradius.com>
To: Bernard Aboba <bernard_aboba@hotmail.com>
Cc: proxies@ietf.org, katrin.hoeper@nist.gov

Bernard Aboba wrote:
> Similarly, I believe that understanding how proxies are actually deployed
> and used is critical. For example, at present inter-domain
> key transport via proxies is very rarely deployed (EDUROAM is the only
> major deployment I am aware of). This is because 802.11i has not caught
> on in hospitality, hotspots or carriers, where web portals are
> overwhelmingly popular.

There are, as always, discussions about rolling out world-wide roaming for 802.1X. Trials are occurring now, but I think widespread deployment is 2-3 years out.

> My takeaway from all this is that real world deployments appear to have a
> very low complexity tolerance. Even technologies which are frequently
> assumed to be well established (e.g. EAP, 802.1X) frequently exceed that
> tolerance level.

Even standard RADIUS has significant complexities when used for world-wide roaming. The people building the equipment often don't understand the specs (and therefore don't follow them), the people deploying the equipment often don't understand networking, and the people managing the businesses often don't understand their market.

The result is a world-wide network which is composed of the lowest common denominator. Usernames/passwords go one way, ACKs/NAKs go the other, and generally you see an accounting Start.

I think there's a need for a document that covers *more* than the bits & bytes in the protocols. e.g. Both recommended and not recommended network design, practices, etc.

Such a document could be used as a reference for global roaming implementations. It could also significantly increase network reliability, and shorten deployment times, by educating the people who build and maintain those networks.

Alan DeKok.