The usability of these systems suck. Any time a user has to think when the computer can think for them is a failure. Every WiFi access control system I have ever used has required me to configure the computer. If the designers had actual brains instead of bits of liver strapped round their waist by dogbert then all that would be necessary to securely authenticate to the network is to give either the MAC address of the computer or the fingerprint of the cert. This configuration is going to cost several minutes per participant. Think of it on Enterprise scale and you have significant costs. And the coffee shop scenario is not about authentication, its really about getting acceptance of the terms of service. On Sat, Jul 3, 2010 at 12:02 PM, Iljitsch van Beijnum <iljitsch@xxxxxxxxx> wrote: > On 2 jul 2010, at 2:30, Phillip Hallam-Baker wrote: > >> It has taken ten years for WiFi to get to a state where an adequate >> credential mechanism is supported, and it is still clunky. > > What are you talking about?? Enterprise type WPA where you authenticate against a back end server has been around for years, and with WPA2 it supports good encryption, too. > >> And they >> still don't have a decent mechanism to support the typical coffee shop >> type access mode. > > Well, you could use WPA(2) there too. People who don't have a working account yet for the hotspot in question would then log in as guest, create an account and then log in with that account. > > But I would argue that the IETF in general has ignored access control to IP networks and how this interacts with provisioning of addresses and other information once PPP was out the door. Look at the backflips that are required to provide ethernet-based broadband access. Although we can partially blame this on the lack of uptake of 802.1x which handles the authentication, but that still makes (IP-over-)ethernet-based broadband problematic because of its point-to-multipoint model that isn't appropriate for providing services. > > -- Website: http://hallambaker.com/ _______________________________________________ Ietf mailing list Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf