
Re: Write an RFC Was: experiments in the ietf week

2008-03-25 06:06:06
Phillip does have a point regarding 802.1x authentication, which is
typically used to authenticate the user to the service, and not vice
versa. Conceivably a person could set up an "evil" access point that
advertises the same beacon as the official access points, and has
802.1x enabled to accept the same shared user name and password (which
is also well publicized).

One way that could make this much more secure from the user viewpoint
would be for every attendee to receive an individual 802.1x user name
and password, perhaps printed on the back of their name tag.
Presumably an "evil" access point would not have access to these names
and passwords, so users can be sure that they are attaching to an
official access point. But as this would create much more work for the
NOC and admin staff, I'm not advocating we do that.


On Mon, Mar 24, 2008 at 10:30 PM, Patrik Fältström <patrik(_at_)frobbit(_dot_)se> wrote:

> On 25 mar 2008, at 02.18, Hallam-Baker, Phillip wrote:
>
>> I am willing to have a go at it next time round but only if I have
>> some idea what I am expected to have on my machine and what
>> authentication indicata I am to expect.
>>
>> As it stands there is no way for me to evaluate an authentic or
>> inauthentic experience. I don't know what authentic looks like. I
>> have no trust anchor.
>
> This email message sent to me was enough of a trust anchor to use
> 802.1x. Specifically as "the instructions" are the same as IETF-70 and
> previous meetings.
>
> Sure, the mail was not signed, but I also asked a friend at the
> meeting "what he used". And as we both had the same instructions, we
> trusted that. If we wanted to, we could have asked someone actually
> running the network, but we did not feel we had to.


IETF mailing list