On Sat, Jul 3, 2010 at 3:13 PM, Phillip Hallam-Baker <hal...@gmail.com> wrote:
> The usability of these systems sucks.
>
> Any time a user has to think when the computer can think for them is a
> failure. Every WiFi access control system I have ever used has
> required me to configure the computer.
>
> If the designers had actual brains instead of bits of liver strapped
> round their waist by dogbert then all that would be necessary to
> securely authenticate to the network is to give either the MAC address
> of the computer or the fingerprint of the cert.
>

MAC secure? Surely you jest.

> This configuration is going to cost several minutes per participant.
> Think of it on Enterprise scale and you have significant costs.
>
>
> And the coffee shop scenario is not about authentication, it's really
> about getting acceptance of the terms of service.
>
>
> On Sat, Jul 3, 2010 at 12:02 PM, Iljitsch van Beijnum
> <iljit...@muada.com> wrote:
> > On 2 jul 2010, at 2:30, Phillip Hallam-Baker wrote:
> >
> >> It has taken ten years for WiFi to get to a state where an adequate
> >> credential mechanism is supported, and it is still clunky.
> >
> > What are you talking about?? Enterprise type WPA where you authenticate
> > against a back end server has been around for years, and with WPA2 it
> > supports good encryption, too.
> >
> >> And they
> >> still don't have a decent mechanism to support the typical coffee shop
> >> type access mode.
> >
> > Well, you could use WPA(2) there too. People who don't have a working
> > account yet for the hotspot in question would then log in as guest, create
> > an account and then log in with that account.
> >
> > But I would argue that the IETF in general has ignored access control to
> > IP networks and how this interacts with provisioning of addresses and other
> > information once PPP was out the door. Look at the backflips that are
> > required to provide ethernet-based broadband access. Although we can
> > partially blame this on the lack of uptake of 802.1x which handles the
> > authentication, but that still makes (IP-over-)ethernet-based broadband
> > problematic because of its point-to-multipoint model that isn't appropriate
> > for providing services.
> >
>
> --
> Website: http://hallambaker.com/
> _______________________________________________
> Ietf mailing list
> Ietf@ietf.org
> https://www.ietf.org/mailman/listinfo/ietf
>

--
Chris Elliott
chell...@pobox.com