ietf
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Admission Control to the IETF 78 and IETF 79 Networks

2010-07-06 10:01:40
from [Phillip Hallam-Baker] [Permanent Link] 
The usability of these systems suck.

Any time a user has to think when the computer can think for them is a
failure. Every WiFi access control system I have ever used has
required me to configure the computer.

If the designers had actual brains instead of bits of liver strapped
round their waist by dogbert then all that would be necessary to
securely authenticate to the network is to give either the MAC address
of the computer or the fingerprint of the cert.


This configuration is going to cost several minutes per participant.
Think of it on Enterprise scale and you have significant costs.


And the coffee shop scenario is not about authentication, its really
about getting acceptance of the terms of service.


On Sat, Jul 3, 2010 at 12:02 PM, Iljitsch van Beijnum
<iljitsch(_at_)muada(_dot_)com> wrote:

On 2 jul 2010, at 2:30, Phillip Hallam-Baker wrote:


It has taken ten years for WiFi to get to a state where an adequate
credential mechanism is supported, and it is still clunky.


What are you talking about?? Enterprise type WPA where you authenticate 
against a back end server has been around for years, and with WPA2 it 
supports good encryption, too.


And they
still don't have a decent mechanism to support the typical coffee shop
type access mode.


Well, you could use WPA(2) there too. People who don't have a working account 
yet for the hotspot in question would then log in as guest, create an account 
and then log in with that account.

But I would argue that the IETF in general has ignored access control to IP 
networks and how this interacts with provisioning of addresses and other 
information once PPP was out the door. Look at the backflips that are 
required to provide ethernet-based broadband access. Although we can 
partially blame this on the lack of uptake of 802.1x which handles the 
authentication, but that still makes (IP-over-)ethernet-based broadband 
problematic because of its point-to-multipoint model that isn't appropriate 
for providing services.






-- 
Website: http://hallambaker.com/
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: IETF privacy policy - update, Stephan Wenger
Next by Date:  Re: [dispatch] VIPR - proposed charter version 3, Peter Musgrave
Previous by Thread:  Re: Admission Control to the IETF 78 and IETF 79 Networks, Iljitsch van Beijnum
Next by Thread:  Re: Admission Control to the IETF 78 and IETF 79 Networks, Chris Elliott
Indexes:  [Date] [Thread] [Top] [All Lists]