Re: Write an RFC Was: experiments in the ietf week

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Phillip does have a point regarding 802.1x authentication, which is
typically used to authenticate the user to the service, and not vice
versa. Conceivably a person could set up an "evil" access point that
advertises the same beacon as the official access points, and has
802.1x enabled to accept the same shared user name and password (which
is also well publicized).

One way that could make this much more secure from the user viewpoint
would be for every attendee to receive an individual 802.1x user name
and password, perhaps printed on the back of their name tag.
Presumably an "evil" access point would not have access to these names
and passwords, so users can be sure that they are attaching to an
official access point. But as this would create much more work for the
NOC and admin staff, I'm not advocating we do that.

Cheers,
Andy

On Mon, Mar 24, 2008 at 10:30 PM, Patrik Fältström <patrik@xxxxxxxxxx> wrote:
>
> On 25 mar 2008, at 02.18, Hallam-Baker, Phillip wrote:
>
> > I am willing to have a go at it next time round but only if I have
> > some idea what I am expected to have on my machine and what
> > authentication indicata I am to expect.
> >
> > As it stands there is no way for me to evaluate an authentic or
> > inauthentic experience. I don't know what authentic looks like. I
> > have no trust anchor.
>
> This email message sent to me was enough of a trust anchor to use
> 802.1x. Specifically as "the instructions" are the same as IETF-70 and
> previous meetings.
>
> http://www.ietf.org/mail-archive/web/71attendees/current/msg00154.html
>
> Sure, the mail was not signed, but I also asked a friend at the
> meeting "what he used". And as we both had the same instructions, we
> trusted that. If we wanted to, we could have asked someone actually
> running the network, but we did not feel we had to.
>
>    Patrik
>
>
> _______________________________________________
> IETF mailing list
> IETF@xxxxxxxx
> https://www.ietf.org/mailman/listinfo/ietf
>
_______________________________________________
IETF mailing list
IETF@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf


[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]