Re: [Secauth] My Summary of the December Conference Call
Alexandre Petrescu <alexandre.petrescu@gmail.com> Tue, 13 January 2015 16:25 UTC
Return-Path: <alexandre.petrescu@gmail.com>
X-Original-To: secauth@ietfa.amsl.com
Delivered-To: secauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 20A471A8AAC for <secauth@ietfa.amsl.com>; Tue, 13 Jan 2015 08:25:50 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.983
X-Spam-Level:
X-Spam-Status: No, score=-4.983 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_ADSP_CUSTOM_MED=0.001, FREEMAIL_FROM=0.001, HELO_EQ_FR=0.35, NML_ADSP_CUSTOM_MED=0.9, RCVD_IN_DNSWL_HI=-5, SPF_SOFTFAIL=0.665] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wvZsqInaWplY for <secauth@ietfa.amsl.com>; Tue, 13 Jan 2015 08:25:47 -0800 (PST)
Received: from oxalide-out.extra.cea.fr (oxalide-out.extra.cea.fr [132.168.224.8]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7FC371A8AA9 for <secauth@ietf.org>; Tue, 13 Jan 2015 08:25:47 -0800 (PST)
Received: from pisaure.intra.cea.fr (pisaure.intra.cea.fr [132.166.88.21]) by oxalide.extra.cea.fr (8.14.2/8.14.2/CEAnet-Internet-out-2.3) with ESMTP id t0DGPik9031825; Tue, 13 Jan 2015 17:25:44 +0100
Received: from pisaure.intra.cea.fr (localhost [127.0.0.1]) by localhost (Postfix) with SMTP id 4C6B32075E4; Tue, 13 Jan 2015 17:25:54 +0100 (CET)
Received: from muguet2.intra.cea.fr (muguet2.intra.cea.fr [132.166.192.7]) by pisaure.intra.cea.fr (Postfix) with ESMTP id 409062075C2; Tue, 13 Jan 2015 17:25:54 +0100 (CET)
Received: from [127.0.0.1] (is010446-4.intra.cea.fr [10.8.33.116]) by muguet2.intra.cea.fr (8.13.8/8.13.8/CEAnet-Intranet-out-1.2) with ESMTP id t0DGPgg6018560; Tue, 13 Jan 2015 17:25:44 +0100
Message-ID: <54B54706.10704@gmail.com>
Date: Tue, 13 Jan 2015 17:25:42 +0100
From: Alexandre Petrescu <alexandre.petrescu@gmail.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:31.0) Gecko/20100101 Thunderbird/31.3.0
MIME-Version: 1.0
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>, secauth@ietf.org
References: <54AEA0DA.7080103@gmx.net> <54B4E7A8.9080006@gmail.com> <54B50332.2060905@gmx.net>
In-Reply-To: <54B50332.2060905@gmx.net>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Transfer-Encoding: 8bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/secauth/77uSojxzr7Ifcp0X_L8-3yrpeug>
Subject: Re: [Secauth] My Summary of the December Conference Call
X-BeenThere: secauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Omni-purpose Network-layer based Secure Authentication and Authorization non-working group discussion list <secauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secauth>, <mailto:secauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secauth/>
List-Post: <mailto:secauth@ietf.org>
List-Help: <mailto:secauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secauth>, <mailto:secauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 13 Jan 2015 16:25:50 -0000
Le 13/01/2015 12:36, Hannes Tschofenig a écrit : > Regarding web portals and their impact on security and usability: I > agree that those are indeed problems. There may even be simple solutions > to those problems but the real challenge is with the existing > infrastructure. How do you provide incentives for the small and medium > enterprises (like all the small hotels and restaurants) to change their > infrastructure to make this happen? This is a good question. How does google provide incentive for me to use it and not altavista? Alex > > Ciao > Hannes > > On 01/13/2015 10:38 AM, Alexandre Petrescu wrote: >> Hello, >> >> Le 08/01/2015 16:23, Hannes Tschofenig a écrit : >>> Hi all, >>> >>> in December we had a conference call and it clarified many aspects for >>> me. I wanted to post a short summary of what I understood (in an attempt >>> to see whether others got the same impression at the call). >>> >>> Hosnieh explained a model using OpenFlow where the AAA client is >>> actually moved into the cloud. Consequently, there is no need to use >>> RADIUS or Diameter in such a model since the network access >>> authentication messages are just forwarded from the access point to the >>> cloud infrastructure using some tunneling mechanism. >>> >>> Now, there is still a problem with that model since at the end of the >>> protocol dance the access point (who was previously running the AAA >>> client) now has to be informed about the authorization decision. At a >>> minimum it has to get the keys for enabling link layer security. From >>> the discussions on the call I got the impression that this transfer of >>> authorization information from the cloud infrastructure to the access >>> point has not yet been standardized in an OpenFlow alike model. (Note >>> that OpenFlow just served as an example and similar technologies could >>> be used that aim to delegate the execution to some other nodes.) >>> >>> Did others understood the problem description in the same way? >> >> Architecting the placement of AAA elements may be realized by SDN/NFV >> tools, such as to obtain a more efficient authentication step for WiFi. >> >> But I would suggest to clarify another dimension of the problem: that of >> the usecase scenario where this is needed. Do we consider WiFi >> hotspots? And web portal authentication? Or do we consider cellular >> systems and EAP authentication? >> >>> If "yes", then the question is >>> >>> * Is this a worthwhile problem to solve? In some sense this could be >>> seen as a competitor to RADIUS and Diameter. >> >> I consider the portal automation in WiFi hotspots to be a problem >> hampering smooth connectivity. Does it need a RADIUS or EAP kind of >> solution? Or an enhancement of some other protocol (http? dns?) to >> realize this automation? >> >>> * Are we just moving problems around here and not really advancing the >>> state of the art (which might a general question with OpenFlow alike >>> technologies IMHO)? >> >> We would need to identify where is a practical problem, and where is >> problem of intelect only. Just exercising protocol design is obviously >> not enough to pursue; this should be an engineering activity aiming at >> deploying product useful to an end user. >> >>> * Is there indeed a standardization gap (or are we just uninformed >>> about the state of the art)? >> >> Yes, there are a few protocols like dns and http which allow the web >> portals authenticators to be mean to the end user, to restrain >> connectivity, to reduce number of customers. >> >>> * Is the IETF the right venue to do this type of standardization work? >> >> This is a good question. If the protocols we look at are IETF >> protocols, and if the problem is understood as real by several IETFers, >> then this is the venue. If the protocols are not IETF, or if the >> problem is not understood as real by several IETFers then this is not >> the venue. >> >> Alex >> >>> >>> Thoughts? >>> >>> Ciao >>> Hannes >>> >>> >>> >>> _______________________________________________ >>> Secauth mailing list >>> Secauth@ietf.org >>> https://www.ietf.org/mailman/listinfo/secauth >>> >> >> _______________________________________________ >> Secauth mailing list >> Secauth@ietf.org >> https://www.ietf.org/mailman/listinfo/secauth >
- [Secauth] My Summary of the December Conference C… Hannes Tschofenig
- Re: [Secauth] My Summary of the December Conferen… Hosnieh Rafiee
- Re: [Secauth] My Summary of the December Conferen… Alan DeKok
- Re: [Secauth] My Summary of the December Conferen… Alexandre Petrescu
- Re: [Secauth] My Summary of the December Conferen… Hannes Tschofenig
- Re: [Secauth] My Summary of the December Conferen… Alexandre Petrescu