Am Donnerstag, 27. Dezember 2007 19:35:02 schrieb Alan DeKok: > David B. Nelson wrote: > >> If the only way to obtain network access is via EAP, then you have a > >> bootstrapping problem. Once the users have signed up, everything is > >> great. The users who *haven't* signed up are shut out. Permanently. > > > > So, this is really an enrollment issue, not an authentication issue? > > No. Think of roaming, which I've been spending a lot of time on lately. > > If authentication is required for any IP-based network access, then > how do roaming users know that they can authenticate using the local > network? Pre-provisioning devices with roaming knowledge doesn't scale, > and it doesn't handle dynamic networks. 802.11af doesn't scale either, > and isn't designed to scale. > > When the user doesn't have any network access, they can't determine > whether or not authentication is possible. They can't determine which > authentication credentials to use. So requiring authentication means > *forbidding* network access to a large class of users who could > *potentially* obtain network access. > > Alan DeKok. > > -- > to unsubscribe send a message to radiusext-request@ops.ietf.org with > the word 'unsubscribe' in a single line as the message text body. > archive: <http://psg.com/lists/radiusext/> -- Stefan WINTER Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche Ingenieur Forschung & Entwicklung 6, rue Richard Coudenhove-Kalergi L-1359 Luxembourg E-Mail: stefan.winter@restena.lu Tel.: +352 424409-1 http://www.restena.lu Fax: +352 422473
Attachment:
signature.asc
Description: This is a digitally signed message part.