[ietf78-tech] auth token

Sat Jun 26 13:09:51 PDT 2010

Not to imply that /both/ isn't an acceptable answer too ... I just don't think we can make .1x mandatory. 

- Jim

On Jun 26, 2010, at 1:07 PM, Joel Jaeggli <joelja at bogus.com> wrote:

> When the discussion of captive Portal vs 802.1x came up the last the the preference seemed to be for the former.
> 
> Joel's iPad
> 
> On Jun 26, 2010, at 12:55 PM, Chris Elliott <chelliot at pobox.com> wrote:
> 
>> Why put more hardware in the data path? And use a known insecure method?
>> 
>> Let's use WPA/WPA2 with 802.1X and Radius. Obviously the AP's support this. The switches also support this on wired, although I don't think we need to authenticate wired as long as we check badges for folks coming into the terminal room.
>> 
>> Chris.
>> 
>> 
>> --
>> Chris Elliott
>> 
>> 
>> On Jun 26, 2010, at 3:45 PM, John Kemp <kemp at network-services.uoregon.edu> wrote:
>> 
>>> 
>>> I guess I should say "hello!", since the demon has now been invoked.
>>> My name is not Hans Kuhn, but we have been known to share a beer now
>>> and again...
>>> 
>>> To Randy's question, I thought that sounded like a simple and
>>> efficient idea, i.e. token exists already.
>>> 
>>> Same phone/codes as you used for the other phone meeting?
>>> US: +1 650 625 2888 ... ???
>>> 
>>> My plan for this week is to proof-of-concept and performance
>>> test MAC address filtering and redirection using ebtables and
>>> broute.  So that's what I'm working on.  Idea is that there are
>>> two nics on the box, multiple vlans in trunk on each side, matching
>>> multiple interfaces defined on the nics on the box,
>>> and two bridge interfaces carrying whichever vlans are chosen, any
>>> designated as "filtered" or designated as "clear".  So that's the
>>> general concept.  Bridging + mac address filtering.  Let me know
>>> if that sounds approximately correct for the requirements???
>>> 
>>> John Kemp (kemp at network-services.uoregon.edu)
>>> 
>>> 
>>> On 06/25/2010 11:24 PM, Jim Martin wrote:
>>>>  Sorry Randy ... just too much real life this week. Actually, John, Joel and Rob Nagy are working together on a first cut plan. I expect to discuss their results on the monday call so we can have something for Ray on the Tuesday admin call.
>>>> 
>>>>  - Jim
>>>> 
>>>> On Jun 25, 2010, at 10:48 PM, Randy Bush wrote:
>>>> 
>>>>>> of course we are too late to have the maastricht registration process
>>>>>> issue a token set we can use as auth.  but ...
>>>>>> 
>>>>>> as part of reg process, everyone is issued a reg number.  they get this
>>>>>> on their reg web page, on their email receipt, on the paper receipt they
>>>>>> get when they get their badge, ...
>>>>>> 
>>>>>> so, straw proposal
>>>>>> 
>>>>>> o use reg number for maastricht and, optionally, plan to issue our own
>>>>>> reg token for beijing
>>>>>> 
>>>>>> o have paper bag full of reg numbers at the reg desk for those who
>>>>>> lost theirs, want privacy, or whatever
>>>>> 
>>>>> i noticed the stunning response to this.  am i off the wall as usual?
>>>>> is there a better/easier/sexier hack?  as russ/ray will need to start
>>>>> socializing this with the users, we should come to some sort of plan.
>>>>> 
>>>>> randy
>>>>> _______________________________________________
>>>>> ietf78-tech mailing list
>>>>> ietf78-tech at daedelus.com
>>>>> http://www.daedelus.com/mailman/listinfo/ietf78-tech
>>>> 
>>>> 
>>>> 
>>>> _______________________________________________
>>>> ietf78-tech mailing list
>>>> ietf78-tech at daedelus.com
>>>> http://www.daedelus.com/mailman/listinfo/ietf78-tech
>>> 
>>> _______________________________________________
>>> ietf78-tech mailing list
>>> ietf78-tech at daedelus.com
>>> http://www.daedelus.com/mailman/listinfo/ietf78-tech
>> _______________________________________________
>> ietf78-tech mailing list
>> ietf78-tech at daedelus.com
>> http://www.daedelus.com/mailman/listinfo/ietf78-tech
>> 
> _______________________________________________
> ietf78-tech mailing list
> ietf78-tech at daedelus.com
> http://www.daedelus.com/mailman/listinfo/ietf78-tech