ietf
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Admission Control to the IETF 78 and IETF 79 Networks

2010-07-06 11:00:15
from [Chris Elliott] [Permanent Link] 
On Sat, Jul 3, 2010 at 3:13 PM, Phillip Hallam-Baker 
<hallam(_at_)gmail(_dot_)com>wrote:


The usability of these systems suck.

Any time a user has to think when the computer can think for them is a
failure. Every WiFi access control system I have ever used has
required me to configure the computer.

If the designers had actual brains instead of bits of liver strapped
round their waist by dogbert then all that would be necessary to
securely authenticate to the network is to give either the MAC address
of the computer or the fingerprint of the cert.



MAC secure? Surely you jest.



This configuration is going to cost several minutes per participant.
Think of it on Enterprise scale and you have significant costs.


And the coffee shop scenario is not about authentication, its really
about getting acceptance of the terms of service.


On Sat, Jul 3, 2010 at 12:02 PM, Iljitsch van Beijnum
<iljitsch(_at_)muada(_dot_)com> wrote:

On 2 jul 2010, at 2:30, Phillip Hallam-Baker wrote:


It has taken ten years for WiFi to get to a state where an adequate
credential mechanism is supported, and it is still clunky.


What are you talking about?? Enterprise type WPA where you authenticate

against a back end server has been around for years, and with WPA2 it
supports good encryption, too.



And they
still don't have a decent mechanism to support the typical coffee shop
type access mode.


Well, you could use WPA(2) there too. People who don't have a working

account yet for the hotspot in question would then log in as guest, create
an account and then log in with that account.


But I would argue that the IETF in general has ignored access control to

IP networks and how this interacts with provisioning of addresses and other
information once PPP was out the door. Look at the backflips that are
required to provide ethernet-based broadband access. Although we can
partially blame this on the lack of uptake of 802.1x which handles the
authentication, but that still makes (IP-over-)ethernet-based broadband
problematic because of its point-to-multipoint model that isn't appropriate
for providing services.







--
Website: http://hallambaker.com/
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf





-- 
Chris Elliott
chelliot(_at_)pobox(_dot_)com

_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: [dispatch] VIPR - Speaking of Video Calls .., Richard Shockey
Next by Date:  Re: draft-housley-two-maturity-levels, John C Klensin
Previous by Thread:  Re: Admission Control to the IETF 78 and IETF 79 Networks, Phillip Hallam-Baker
Next by Thread:  Re: Admission Control to the IETF 78 and IETF 79 Networks, tytso
Indexes:  [Date] [Thread] [Top] [All Lists]