Re: [Secauth] Closing SecAuth list

Alexandre Petrescu <alexandre.petrescu@gmail.com> Tue, 13 January 2015 16:16 UTC

Archived-At: <http://mailarchive.ietf.org/arch/msg/secauth/upUXe5_47GhDykoPefGkmhEvwzs>
List-Id: Omni-purpose Network-layer based Secure Authentication and Authorization non-working group discussion list <secauth.ietf.org>

Hello Kathleen,

On 13/01/2015 14:40, Kathleen Moriarty wrote:
> As an observer, I see that people are not coming together to solve a
>  problem in which there will be support by the community responsible
>  for the technology (wifi hotspots).

The hurdle to connect to wifi hotspots is a real problem.  Sometimes
it's impossible to connect, other times the only way to connect is an
insecure way[*].

The community responsible for the technology used in these hotspots is
divided in two: those who offer heavy web portal authentication and
those who gave up and afford no security at all.  A 3rd category of
those who offer Radius/DIAMETER-kinds of authentication exists, but has
more limited traction.

Each of these categories needs to listen to what the end user needs, not
to what the current access control technology has to offer.

To that one may add these trends:
- new GUI-less small devices come on the market - how will they connect
   to web portal hotspots where one has to fill forms in?
- new methods of authenticating with one different password token per
   device are non-scalable.

[*] : examples of insecure ways to connect to WiFi hotspots: (1)
one particular large airport wifi hotspot has no link-layer and no web
portal security; (2) during the last Winter Games the password to connect to
a wifi hotspot was shown in clear on TV to a world audience.

> I am also seeing disconnected threads that bring in SDN and NFV in
> the mix for device authentication without thought of how this might
> be used or connected into infrastructure and resistance to
> suggestions on how to accomplish that (if it is even needed).

If by SDN/NFV we mean OpenFlow and YANG, and knowing that any new
protocol or protocol enhancement must have a MIB feature in it, then it
does make sense to have SDN/NFV.

> I've also noticed the sporadic question, "What is SecAuth?" after
> all of the time spent and discussions, which shows others are
> confused on the goal and problem or set of problems being worked on.

Certainly.  The SecAuth acronym per se is difficult to pronounce and too
generic.  But I wouldn't care for the time being.

> I appreciate the messages asking why the list is being closed.  I
> would like to see a clearly defined problem statement with agreed
> upon goals and I am not sure we will get there as it stands now since
> the conversation goes in circles and mixes the sets of problems even
> within a single response.

I agree.

> We have a few people that are actively participating, but I don't
> think they all support the work. I have noticed several  advising the
> list, pointing to other solutions in play to raise awareness of
> existing options.  I've also gotten some private notes thanking me
> for closing the list, so views are mixed here.

I agree.

I think there is need and effort ready from a particular equipment
manufacturer, and I think there is this wifi hotspot problem; but maybe
I am wrong, I don't know.

Alex

> We would be happy to set up a list on a defined scope with willing
> participants, but I do think people have to come to agreement on a
> narrowed goal or sets of goals.
>
> Thank you, Kathleen
>
> On Tue, Jan 13, 2015 at 6:21 AM, Yoav Nir <synp71@live.com> wrote:
>> Hi, Kathleen
>>
>> That's a strange decision IMO. I agree that the scope has not been
>>  narrowed enough to justify a BoF just yet, but the list does have
>>  some activity on it, and there does seem to be a problem in there
>>  and some people who want that problem solved.
>>
>> Closing the list sends people to either the main IETF list, the
>> SAAG list, or to form their own Google group, none of which is IMO
>>  better than the status quo ante.
>>
>> I believe that the mailing list at least should remain open for
>> now.
>>
>> Yoav
>>
>> -----Original Message----- From: Secauth
>> [mailto:secauth-bounces@ietf.org] On Behalf Of Kathleen Moriarty
>> Sent: Tuesday, January 13, 2015 1:21 AM To: secauth@ietf.org
>> Subject: [Secauth] Closing SecAuth list
>>
>> Hello,
>>
>> The SecAuth list will be closing.  Those interested to continue to
>>  identify and narrow the scope of work should get together
>> off-list. If a clear problem statement has been defined and has
>> support from the necessary communities to do the work, you can
>> check with the Security ADs to request a new list, BoF, etc.
>>
>> --
>>
>> Best regards, Kathleen
>>