Re: Admission Control to the IETF 78 and IETF 79 Networks

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The usability of these systems suck.

Any time a user has to think when the computer can think for them is a
failure. Every WiFi access control system I have ever used has
required me to configure the computer.

If the designers had actual brains instead of bits of liver strapped
round their waist by dogbert then all that would be necessary to
securely authenticate to the network is to give either the MAC address
of the computer or the fingerprint of the cert.


This configuration is going to cost several minutes per participant.
Think of it on Enterprise scale and you have significant costs.


And the coffee shop scenario is not about authentication, its really
about getting acceptance of the terms of service.


On Sat, Jul 3, 2010 at 12:02 PM, Iljitsch van Beijnum
<iljitsch@xxxxxxxxx> wrote:
> On 2 jul 2010, at 2:30, Phillip Hallam-Baker wrote:
>
>> It has taken ten years for WiFi to get to a state where an adequate
>> credential mechanism is supported, and it is still clunky.
>
> What are you talking about?? Enterprise type WPA where you authenticate against a back end server has been around for years, and with WPA2 it supports good encryption, too.
>
>> And they
>> still don't have a decent mechanism to support the typical coffee shop
>> type access mode.
>
> Well, you could use WPA(2) there too. People who don't have a working account yet for the hotspot in question would then log in as guest, create an account and then log in with that account.
>
> But I would argue that the IETF in general has ignored access control to IP networks and how this interacts with provisioning of addresses and other information once PPP was out the door. Look at the backflips that are required to provide ethernet-based broadband access. Although we can partially blame this on the lack of uptake of 802.1x which handles the authentication, but that still makes (IP-over-)ethernet-based broadband problematic because of its point-to-multipoint model that isn't appropriate for providing services.
>
>



-- 
Website: http://hallambaker.com/
_______________________________________________
Ietf mailing list
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf


[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]