[ietf78-tech] user device authentication in maastricht
Randy Bush
randy at psg.com
Mon Jun 28 08:54:29 PDT 2010
>> Q: is there an escape, i.e. if a user can not authenticate, is there an
>> ssid they can use for free?
>> A: no. then what would be the purpose of the exercise?
>
> Yes, for Maastricht--with logging so we can track failures. No, for
> Beijing.
please descrive logging of failures? how is one diagnosed? how is it
logged? how does that cause the user to be allowed out?
>> o one regid authentication gets one mac allowed. if the user wishes
>> to authenticate multiple devices, they must go to the reg desk and
>> draw from the bag. otherwise, the leak of one regid gives a horde
>> of attackers access.
>
> I'd argue for at least two mac addresses per. Most laptops have
> wireless and wired and many of our users will use both.
sure. though is it easy for auth system to allow two?
randy
More information about the ietf78-tech
mailing list