On 7/12/10 11:39 AM, Martin Rex wrote:
Personally, I'm heavily opposed to an approach along these lines.
It is a big plus that MAC addresses can be trivially changed,
and I regularly connect with random MACs in public places.
Russ and Ted discussed use of MAC addresses for access. I may have
missed or misunderstood their point, although such a scheme is often
used (and easily defeated) in typical coffee-shop settings. I may be
wrong, and this is a good list for learning such things.
When security is desired, something like WPA2 Enterprise EAP-TTLS seems
more realistic. Perhaps other options need to be included to overcome
third-party software for versions of Windows. This approach would keep
information and privacy better secured, and systems less exposed to
various exploits, since some attendees may actually need protection in
the big city. :^)
Better security can be found with 802.1X-2010 that resolves some
vulnerabilities by using MACSec 802.1AE to encrypt data between logical
ports. This suffers a drawback of deploying client certs, of poor
coverage, along with the anxiety that EAP-TPM might cause.
Personally, I'm somewhat less concerned about a unique or fixed ID in
my DSL-router. I have only one DSL subscription with one single ISP,
and I need to authenticate to my ISP with userid&pass -- which makes
me wonder why should there be a unique/fixed ID in that device,
it is absolutely unnecessary.
Securing wireless must detect MitM attack. Using a cert at the server
when making changes seems a small price.
-Doug