ietf
[Top] [All Lists]

Re: Back to authentication on the IETF network

2010-07-12 15:48:28
 On 7/12/2010 1:19 PM, Chris Elliott wrote:
On Jul 12, 2010, at 3:54 PM, Ted Hardie <ted(_dot_)ietf(_at_)gmail(_dot_)com
<mailto:ted(_dot_)ietf(_at_)gmail(_dot_)com>> wrote:

On Mon, Jul 12, 2010 at 12:41 PM, Chris Elliott 
<chelliot(_at_)pobox(_dot_)com
<mailto:chelliot(_at_)pobox(_dot_)com>> wrote:

I will suggest that in Beijing we may need to physically
authenticate people
coming into the terminal room, but I will leave the decision on
whether and
how to do that up to the host in Beijing.

Chris.

What does "physically authenticate people" mean here?  Show that they
have a badge (common and meets the stated requirement of "keep the
IETF network for IETF attendees")?  Or write down the name?   Or write
down the name and the network port for the cable they pick up?

The differences here are not subtle, and I don't think this question
really
does belong with the hosts in Beijing.  They can present requirements
to the IETF, but it is up to us to decide how to meet them.  If their
choice
in meeting the requirement "keep the IETF network for IETF attendees"
turns into "Track the network usage on a per attendee basis", the
attendees
really need to know whether that is because that was the real requirement
all along or because the IETF management failed to provide a realistic
alternative that met the stated goal.

Our requirement in Beijing is to meet the government restriction that
only attendees of the meeting can access the Internet through our
external link.

There are no requirements for, and we will certainly not be doing, any
monitoring of users. Period.

You wont have to - the Chinese Government and several others will
monitor that for you. You dont believe me - ask the Bureau of State
Security...



I do not know the layout of the Beijing IETF meeting space. Therefore,
I do not know the best approach to securing wired connections in the
terminal room and elsewhere. I am suggesting, to be more explicit,
that a guard at the door of the terminal room checking that everyone
simply has an IETF badge, as we have done in many previous meetings,
may be sufficient for Beijing as well, and the easiest solution for all.
Yeah I bet.

Todd
And we are working hand-in-hand with the Beijing folks first in
Maastricht and then Beijing to refine the requirements and the
implementation. Four or five of the folks that will be the core of the
NOC team in Beijing are members of the NOC team in Maastricht and will
be working with us throughout the meeting. Some of them will be
staffing the help desk alongside the RIPE folks, so come by and
introduce yourselves.

Our roles will reverse in Beijing as they will be responsible for the
network and we will be there to help.

We are well aware of the concerns of IETF attendees around privacy. We
share these concerns.

Chris.

best regards,

Ted Hardie


_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf

_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf