Re: Admission Control to the IETF 78 and IETF 79 Networks

Any chance of a link to specs showing how it is done?

Might be something that maybe deserves to see wider use.

On Sat, Jul 24, 2010 at 9:19 AM, IETF Chair <chair(_at_)ietf(_dot_)org> wrote:
> eduroam (education roaming) is the secure, world-wide roaming access
> service developed for the international research and education
> community. eduroam allows students, researchers and staff from
> participating institutions to obtain Internet connectivity across campus
> and when visiting other participating institutions by simply opening
> their laptop. Since we expect a reasonable attendance at IETF from
> eduroam-connected sites, IETF participants with an eduroam account
> configured, should get connected to the wireless network right away with
> their usual credentials.
>
> Enjoy,
> Russ
>
> On 6/30/2010 5:55 PM, IETF Chair wrote:
> > I am writing to let you know about a change in the IETF meeting network.
> > At IETF 79 in Beijing, the IETF network will be connected to the open
> > Internet with absolutely no filtering.  However, we have agreed with our
> > hosts that only IETF meeting participants will have access to the
> > network.  Following sound engineering practices, we will deploy
> > admission control mechanisms as part of the IETF 78 meeting network in
> > Maastricht to ensure that they are working properly before they are
> > mission critical.
> >
> > I am writing to let you know what to expect in both Maastricht and Beijing.
> >
> >
> > ADMISSION CONTROL CREDENTIALS
> >
> > To gain access to the IETF network, you will need to provide a
> > credential. Your primary credential will be your registration ID.  You
> > can find your registration ID on the registration web page, in the
> > response email confirmation you received from the Secretariat, on your
> > payment receipt, and on the back of your IETF meeting badge.  Your
> > Registration ID will be your user name, and it will be used with a
> > password that will be provided at a later date.  This same password will
> > be used by all attendees.
> >
> > We recognize that IETF 78 registration IDs are very easy to guess.  We
> > expect to use less easily guessed registration IDs for IETF 79.
> >
> > If for any reason you are uncomfortable using your Registration ID,
> > there will be a supply of completely anonymous Registration ID/Password
> > pairs on slips of paper available at the help desk and registration
> > desk.  You will be asked to show an IETF meeting badge to ensure that
> > slips are only provided to registered meeting attendees.
> >
> > Each set of credentials will allow up to three separate MAC addresses on
> > the network, allowing attendees to use the same credential for their
> > laptop, phone, or other devices.  The limit is to prevent the leak of a
> > single credential from undermining the entire system.
> >
> >
> > GAINING ACCESS TO THE NETWORK
> >
> > The primary mechanism to gain access to the wireless network will be
> > either the "ietf.1x" or "ietf-a.1x" SSID.  These will be configured with
> > WPA1 and WPA2 Enterprise.  You simply provide your credentials to your
> > supplicant software for authentication to the network.  I personally
> > encourage you to use WPA2 over WPA1 if your software and hardware
> > support both.
> >
> > If your software does not support WPA Enterprise, you can use the
> > captive portal.  To use this portal, associate with either the
> > "ietf-portal" or "ietf-a-portal" SSID.  Upon initial connection,
> > Internet connectivity will be blocked.  Simply open a browser and go to
> > any web site, just like many hotel networks, and you will be redirected
> > to a portal page where you can enter your credentials.  Once the
> > credentials are validated, your MAC address will have unrestricted
> > access to the network for some period of time.  The portal page will
> > also have links to the internal wiki page with helpful information as
> > well as a way to create trouble tickets prior to authentication.
> >
> > If your small devices does not support WPA Enterprise and does not have
> > a browser, then you will be able to visit the help desk and register the
> > device MAC address for access to the network.  If you need to register
> > your device, please know the MAC address of your device before you show
> > up at the help desk.
> >
> >
> > FALLBACK PLAN
> >
> > Implementing this plan at IETF 78 in Maastricht is important, but
> > obviously not without risk.  The IEEE 802.1X-based access mechanisms
> > have been well tested at previous meetings, and this mechanism is not
> > likely to be a source of trouble.  The captive portal, however, is a
> > greater unknown.  Please use the WPA SSIDs if at all possible to reduce
> > the load on the portal machines.  If the portals do experience problems,
> > the NOC team will implement a backup plan.  The backup plan will only be
> > used as a last resort as the backup plan will not be an option at IETF
> > 79 in Beijing.
> >
> >
> > Safe Travel and Best Wishes,
> >   Russ Housley
> >   IETF Chair
> >
> > _______________________________________________
> > Ietf mailing list
> > Ietf(_at_)ietf(_dot_)org
> > https://www.ietf.org/mailman/listinfo/ietf
> _______________________________________________
> Ietf mailing list
> Ietf(_at_)ietf(_dot_)org
> https://www.ietf.org/mailman/listinfo/ietf


-- 
Website: http://hallambaker.com/
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf