Re: [Secauth] Closing SecAuth list

Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> Tue, 13 January 2015 16:30 UTC

Date: Tue, 13 Jan 2015 11:30:02 -0500
Message-ID: <CAHbuEH7mdiZeeasXRd8PFygZO-pm1UC=BVDyfk+8pvNxipCHzg@mail.gmail.com>
From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
To: Alexandre Petrescu <alexandre.petrescu@gmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/secauth/xjsiX5mwo4DynC_UTy97k8SU9Us>
Cc: "secauth@ietf.org" <secauth@ietf.org>
Subject: Re: [Secauth] Closing SecAuth list

Hi Alex,

Thanks, response in-line.

On Tue, Jan 13, 2015 at 11:16 AM, Alexandre Petrescu
<alexandre.petrescu@gmail.com> wrote:
> Hello Kathleen,
>
> On 13/01/2015 14:40, Kathleen Moriarty wrote:
>>
>> As an observer, I see that people are not coming together to solve a
>>  problem in which there will be support by the community responsible
>>  for the technology (wifi hotspots).
>
>
> The hurdle to connect to wifi hotspots is a real problem.  Sometimes
> it's impossible to connect, other times the only way to connect is an
> insecure way[*].
>
> The community responsible for the technology used in these hotspots is
> divided in two: those who offer heavy web portal authentication and
> those who gave up and afford no security at all.  A 3rd category of
> those who offer Radius/DIAMETER-kinds of authentication exists, but has
> more limited tract.
>
> Each of these categories needs to listen to what the end user needs, not
> to what the current access control technology has to offer.
>
> To that one may add these trends:
> - new GUI-less small devices come on the market - how will they connect
>   to web portal hotspots where one has to fill forms in?
> - new methods of authenticating with one different password token per
>   device are non-scalable.
>
> [*] : examples of insecure ways to connect to WiFi hotspots: (1)
> one particular large airport wifi hotspot has no link-layer and no web
> portal security; (2) during last Winter Games the password to connect to
> a wifi hotspot was shown in clear on TV to world audience.
>
>> I am also seeing disconnected threads that bring in SDN and NFV in
>> the mix for device authentication without thought of how this might
>> be used or connected into infrastructure and resistance to
>> suggestions on how to accomplish that (if it is even needed).
>
>
> If by SDN/NFV we mean OpenFlow and YANG, and knowing that any new
> protocol or protocol enhancement must have a MIB feature in it, then it
> does make sense to have SDN/NFV.
>
>> I've also noticed the sporadic question, "What is SecAuth?" after
>> all of the time spent and discussions, which shows others are
>> confused on the goal and problem or set of problems being worked on.
>
>
> Certainly.  SecAuth acronym per se is difficult to pronounce and too
> generic.  But I wouldn't care for the time being.
>
>> I appreciate the messages asking why the list is being closed.  I
>> would like to see a clearly defined problem statement with agreed
>> upon goals and I am not sure we will get there as it stands now since
>> the conversation goes in circles and mixes the sets of problems even
>> within a single response.
>
>
> I agree.
>
>> We have a few people that are actively participating, but I don't
>> think they all support the work. I have noticed several  advising the
>> list, pointing to other solutions in play to raise awareness of
>> existing options.  I've also gotten some private notes thanking me
>> for closing the list, so views are mixed here.
>
>
> I agree.
>
> I think there is need and effort ready from a particular equipment
> manufacturer, and I think there is this wifi hotspot problem; but maybe I am
> wrong, I don't know.

This is only one of the three problems being discussed and there isn't
enough to go forward on yet.  I'm asking that those interested go back
and collect thoughts to devise feasible options.  If this is the
problem selected, I would also need to see support from those who can
make the change (organizations running the wifi hotspots).  I don't
see the motivation for them to switch from using a captive portal,
especially since they charge for use of the infrastructure they
host/provide.  I understand this is an issue for users, but also see
that the problem is bigger and involves providers of the service (who
have not been participating in the discussion).

Is it worth it for those interested to get together on a single
problem and come back with a more clearly defined scope?  If so, it
would be great to see that happen and to see some of the concerns
addressed by getting involvement/support of service providers.

Thank you.

>
> Alex
>
>
>> We would be happy to set up a list on a defined scope with willing
>> participants, but I do think people have to come to agreement on a
>> narrowed goal or sets of goals.
>>
>> Thank you, Kathleen
>>
>> On Tue, Jan 13, 2015 at 6:21 AM, Yoav Nir <synp71@live.com> wrote:
>>>
>>> Hi, Kathleen
>>>
>>> That's a strange decision IMO. I agree that the scope has not been
>>>  narrowed enough to justify a BoF just yet, but the list does have
>>>  some activity on it, and there does seem to be a problem in there
>>>  and some people who want that problem solved.
>>>
>>> Closing the list sends people to either the main IETF list, the
>>> SAAG list, or to form their own Google group, none of which is IMO
>>>  better than the status quo ante.
>>>
>>> I believe that the mailing list at least should remain open for
>>> now.
>>>
>>> Yoav
>>>
>>> -----Original Message----- From: Secauth
>>> [mailto:secauth-bounces@ietf.org] On Behalf Of Kathleen Moriarty
>>> Sent: Tuesday, January 13, 2015 1:21 AM To: secauth@ietf.org
>>> Subject: [Secauth] Closing SecAuth list
>>>
>>> Hello,
>>>
>>> The SecAuth list will be closing.  Those interested to continue to
>>>  identify and narrow the scope of work should get together
>>> off-list. If a clear problem statement has been defined and has
>>> support from the necessary communities to do the work, you can
>>> check with the Security ADs to request a new list, Bof, etc.
>>>
>>> --
>>>
>>> Best regards, Kathleen
>>>
>>> _______________________________________________ Secauth mailing
>>> list Secauth@ietf.org
>>> https://www.ietf.org/mailman/listinfo/secauth
>>>
>>
>>
>>
>
>



-- 

Best regards,
Kathleen