Handling rogue RA feedback
On 24-jul-2007, at 13:30, Tim Chown wrote:
> Any comments on
> http://www3.ietf.org/proceedings/07jul/slides/dhc-5.pdf
> to the v6ops list would be welcome.
Ignoring all the protocol details for a moment, it seems to me that
the problem here is sourcing some kind of authentication between the
network and the host. There are several mechanisms that allow the
network to ask the host/user for credentials:
1. 802.1x
2. 802.11 WPA(2)
3. PPP PAP/CHAP
It would make sense to make the authentication work the other way
around as well, so you know you're actually talking to the network
you think you're talking to (goodbye man in the middle and rogue
access points) and then you can use that authentication data to
further authenticate later stages in the configuration process, such
as RAs or DHCP.
The scope of the work required is rather extensive, though, and many
of the protocols used today aren't even IETF protocols. But getting
this right would clearly be beneficial, if only to get rid of those
annoying hacks that wifi hotspots use for authentication and payment.