[ietf78-tech] auth token

Joel Jaeggli joelja at bogus.com
Sat Jun 26 13:07:45 PDT 2010


When the discussion of captive portal vs 802.1x came up the last time, the preference seemed to be for the former.

Joel's iPad

On Jun 26, 2010, at 12:55 PM, Chris Elliott <chelliot at pobox.com> wrote:

> Why put more hardware in the data path? And use a known insecure method?
> 
> Let's use WPA/WPA2 with 802.1X and RADIUS. Obviously the APs support this. The switches also support this on wired, although I don't think we need to authenticate wired as long as we check badges for folks coming into the terminal room.
> 
> Chris.
> 
> 
> --
> Chris Elliott
> 
> 
> On Jun 26, 2010, at 3:45 PM, John Kemp <kemp at network-services.uoregon.edu> wrote:
> 
>> 
>> I guess I should say "hello!", since the demon has now been invoked.
>> My name is not Hans Kuhn, but we have been known to share a beer now
>> and again...
>> 
>> To Randy's question, I thought that sounded like a simple and
>> efficient idea, i.e. token exists already.
>> 
>> Same phone/codes as you used for the other phone meeting?
>> US: +1 650 625 2888 ... ???
>> 
>> My plan for this week is to proof-of-concept and performance
>> test MAC address filtering and redirection using ebtables and
>> broute.  So that's what I'm working on.  Idea is that there are
>> two nics on the box, multiple vlans in trunk on each side, matching
>> multiple interfaces defined on the nics on the box,
>> and two bridge interfaces carrying whichever vlans are chosen, any
>> designated as "filtered" or designated as "clear".  So that's the
>> general concept.  Bridging + mac address filtering.  Let me know
>> if that sounds approximately correct for the requirements???
>> 
>> John Kemp (kemp at network-services.uoregon.edu)
>> 
>> 
>> On 06/25/2010 11:24 PM, Jim Martin wrote:
>>>   Sorry Randy ... just too much real life this week. Actually, John, Joel and Rob Nagy are working together on a first cut plan. I expect to discuss their results on the monday call so we can have something for Ray on the Tuesday admin call.
>>> 
>>>   - Jim
>>> 
>>> On Jun 25, 2010, at 10:48 PM, Randy Bush wrote:
>>> 
>>>>> of course we are too late to have the maastricht registration process
>>>>> issue a token set we can use as auth.  but ...
>>>>> 
>>>>> as part of reg process, everyone is issued a reg number.  they get this
>>>>> on their reg web page, on their email receipt, on the paper receipt they
>>>>> get when they get their badge, ...
>>>>> 
>>>>> so, straw proposal
>>>>> 
>>>>> o use reg number for maastricht and, optionally, plan to issue our own
>>>>>  reg token for beijing
>>>>> 
>>>>> o have paper bag full of reg numbers at the reg desk for those who
>>>>>  lost theirs, want privacy, or whatever
>>>> 
>>>> i noticed the stunning response to this.  am i off the wall as usual?
>>>> is there a better/easier/sexier hack?  as russ/ray will need to start
>>>> socializing this with the users, we should come to some sort of plan.
>>>> 
>>>> randy
>>>> _______________________________________________
>>>> ietf78-tech mailing list
>>>> ietf78-tech at daedelus.com
>>>> http://www.daedelus.com/mailman/listinfo/ietf78-tech
>>> 
>>> 
>>> 
> 