ietf

Re: Admission Control to the IETF 78 and IETF 79 Networks

2010-07-01 12:50:09
On Thu, Jul 1, 2010 at 8:52 AM, Richard L. Barnes <rbarnes(_at_)bbn(_dot_)com> wrote:
> There's a difference, however, between ticking a box and having individual
> user-attributable credentials.  The two techniques are focused on different
> goals, generically binding users to an AUP, without caring who they are,
> versus being able to identify individual users on the network (with more
> detail than a MAC address).
>
> The proposal here is the latter, which would seem to raise the question of
> why individual user attribution is necessary, i.e., why anonymity in the
> IETF network is unacceptable -- even within the pool of IETF participants.


I agree with Richard's view here, and I suggest the following
modifications to the proposed admission control:

1) Use only paper-provided slips to provide authentication credentials.
There is no stated reason for associating specific registration data
with the network authentication method and it is trivial to provide
the slips of paper to anyone with a proper badge.  Let the individual
getting a slip shuffle the pile, get multiple slips every day, or do
whatever else they would like to increase randomness.  But start from
the presumption that the admission control is to limit access to
"registered attendees only" not to provide an association to
registration data.

2) Favor anonymous MAC registration over portal methods.  Set up a
terminal or group of terminals which allow individuals to register
their MAC addresses for access.  Allow anyone with a badge access to
those terminals, and do not collect information on which individual
entered which MAC address.  (The portal mechanism relies on a specific
ordering of application protocol activity at best; at worst it
provides a full-on monkey-in-the-middle.  That should be a last
resort.)

3) For the portal, there is no reason to have the MAC-based
permissions created to be time limited.  If proper credentials from a
slip of paper are entered, there is no reason not to treat this as
equivalent to registration of the MAC address for the duration of the
meeting.

My personal preference is that this requirement from the host be
politely declined as contrary to the usual operation of the IETF
network.  But if it is not going to be declined, then the admission
control should not further the ability to associate specific
credentials to individuals.

Just two cents,

Ted Hardie
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf