Ted:

>> There's a difference, however, between ticking a box and having individual
>> user-attributable credentials. The two techniques are focused on different
>> goals, generically binding users to an AUP, without caring who they are,
>> versus being able to identify individual users on the network (with more
>> detail than a MAC address).
>>
>> The proposal here is the latter, which would seem to raise the question of
>> why individual user attribution is necessary, i.e., why anonymity in the
>> IETF network is unacceptable -- even within the pool of IETF participants.
>
> I agree with Richard's view here, and I suggest the following
> modifications to the proposed admission control:
>
> 1) Use only paper-provided slips to provide authentication credentials.
> There is no stated reason for associating specific registration data
> with the network authentication method and it is trivial to provide
> the slips of paper to anyone with a proper badge. Let the individual
> getting a slip shuffle the pile, get multiple slips every day, or do
> whatever else they would like to increase randomness. But start from
> the presumption that the admission control is to limit access to
> "registered attendees only" not to provide an association to
> registration data.
>
> 2) Favor anonymous MAC registration over portal methods. Set up a
> terminal or group of terminals which allow individuals to register
> their MAC addresses for access. Allow anyone with a badge access to
> those terminals, and do not collect information on which individual
> entered which MAC address. (The portal mechanism relies on a specific
> ordering of application protocol activity at best; at worst it
> provides a full-on monkey-in-the-middle. That should be a last
> resort.)
>
> 3) For the portal, there is no reason to have the MAC-based
> permissions created to be time limited. If proper credentials from a
> slip of paper are entered, there is no reason not to treat this as
> equivalent to registration of the MAC address for the duration of the
> meeting.
>
> My personal preference is that this requirement from the host be
> politely declined as contrary to the usual operation of the IETF
> network. But if it is not going to be declined, then the admission
> control should not further the ability to associate specific
> credentials to individuals.

A few points in response:

1) Anonymous slips are available to anyone with an IETF meeting badge
that wants them, as often as they want them, from two sources: the
IETF registration desk and the network help desk.

2) The MAC address registration is available at the network help desk.

3) I have not discussed the portal time limit with the NOC Team, but
I'll recommend that the registration work for the whole week.

Russ