Alan DeKok <al...@deployingradius.com> wrote:
    >> 64K is plenty to run RFC8995.  Probably we can get away with a total
    >> of less than 10K exchanged in the worst case situations, with 2K being
    >> more typical.

    >   That's good, but I still have concerns with the process of using EAP
    > for, well, almost everything.

    >   Anonymous / unauthenticated EAP-TLS exists.  I'd like to know why
    > that's unacceptable for provisioning general-purpose devices.

    >   For example, see any number of device management products.  These
    > products download large amounts of configuration, and even applications
    > to end-user devices.  This process is part of provisioning the device,
    > and can't be done via tunnelling that data in EAP.  So if we're not
    > using EAP for most of that complex provisioning, why not just use the
    > same methods for all of it?

Well, this is not something I'd do as part of onboarding, but rather as part
of _configuration_, and I agree that it would be better to just use IP for that.

    >> The cost is that it has to be set up and available across a potentially
    >> large enterprise situation.  At the small scale of one or two home
    >> routers, it's just not a problem.

    >   I'm not clear how a large enterprise causes any issues.  For my
    > proposal, just put records into DNS, and various data into web pages.
    > Anyone with corporate credentials can then get on the secure WiFi
    > network.

The issue is that new SSIDs have to be deployed over hundreds of access points.
This new "LAN" has to have VLANs deployed for it, and if done wrong, might
need DHCPv4.
There is a limit in air-time for the number of beacons that the APs have time
for as well, but it's not a concern, AFAIK, until you get into the O(10^2) 
range.

    >   It's 2022... why is it difficult to get onto a friend's WiFi network,
    > securely, and easily?

Two out of three?

-- 
]               Never tell me the odds!                 | ipv6 mesh networks [ 
]   Michael Richardson, Sandelman Software Works        | network architect  [ 
]     m...@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [ 
        


_______________________________________________
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu
