ietf
[Top] [All Lists]

Re: Back to authentication on the IETF network (was: Re: IETF 78: getting to/from/around Maastricht)

2010-07-12 15:22:53
On Jul 12, 2010, at 3:54 PM, Ted Hardie <ted(_dot_)ietf(_at_)gmail(_dot_)com> 
wrote:

On Mon, Jul 12, 2010 at 12:41 PM, Chris Elliott 
<chelliot(_at_)pobox(_dot_)com> wrote:

I will suggest that in Beijing we may need to physically authenticate people
coming into the terminal room, but I will leave the decision on whether and
how to do that up to the host in Beijing.

Chris.

What does "physically authenticate people" mean here?  Show that they
have a badge (common and meets the stated requirement of "keep the
IETF network for IETF attendees")?  Or write down the name?   Or write
down the name and the network port for the cable they pick up?

The differences here are not subtle, and I don't think this question really
does belong with the hosts in Beijing.  They can present requirements
to the IETF, but it is up to us to decide how to meet them.  If their choice
in meeting the requirement "keep the IETF network for IETF attendees"
turns into "Track the network usage on a per attendee basis", the attendees
really need to know whether that is because that was the real requirement
all along or because the IETF management failed to provide a realistic
alternative that met the stated goal.

Our requirement in Beijing is to meet the government restriction that only 
attendees of the meeting can access the Internet through our external link.

There are no requirements for, and we will certainly not be doing, any 
monitoring of users. Period.

I do not know the layout of the Beijing IETF meeting space. Therefore, I do not 
know the best approach to securing wired connections in the terminal room and 
elsewhere. I am suggesting, to be more explicit, that a guard at the door of 
the terminal room checking that everyone simply has an IETF badge, as we have 
done in many previous meetings, may be sufficient for Beijing as well, and the 
easiest solution for all.

And we are working hand-in-hand with the Beijing folks first in Maastricht and 
then Beijing to refine the requirements and the implementation. Four or five of 
the folks that will be the core of the NOC team in Beijing are members of the 
NOC team in Maastricht and will be working with us throughout the meeting. Some 
of them will be staffing the help desk alongside the RIPE folks, so come by and 
introduce yourselves.

Our roles will reverse in Beijing as they will be responsible for the network 
and we will be there to help.

We are well aware of the concerns of IETF attendees around privacy. We share 
these concerns.

Chris.

best regards,

Ted Hardie
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf