On 2009/4/13 Ralph Droms <rdr...@cisco.com> wrote:
> For example, would a host process
> information received from a Starbucks network over its 802.11
> interface differently from information received from a home network over
> the 802.11 interface?

It's even more fun than that. How do we reliably know that we are at
Starbucks, and not at home? The SSID? That's not an authenticated
token. Currently Windows makes security decisions based on the
SSID. You could call this the best answer they could come up with
for a problem with no good answers. Or you could say that it
instills the user with a false sense of security. Either way, it's
not something I'd be comfortable seeing in a protocol spec, so if the
client is in fact to make decisions as you've suggested, we'd need a
secure way of doing this. I don't know enough about WPA Enterprise
to know if there's a bidirectional authentication going on there -
from the UI perspective it looks like it's one-way.
_______________________________________________
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf