[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Handling rogue RA feedback



On 24-jul-2007, at 13:30, Tim Chown wrote:

Any comments on

http://www3.ietf.org/proceedings/07jul/slides/dhc-5.pdf

to the v6ops list would be welcome.

Ignoring all the protocol details for a moment, it seems to me that the problem here is sourcing some kind of authentication between the network and the host. There are several mechanisms that allow the network to ask the host/user for credentials:

1. 802.1x
2. 802.11 WPA(2)
3. PPP PAP/CHAP

It would make sense to make the authentication work the other way around as well, so you know you're actually talking to the network you think you're talking to (goodbye man in the middle and rogue access points) and then you can use that authentication data to futher authenticate later stages in the configuration process, such as RAs or DHCP.

The scope of the work required is rather extensive, though, and many of the protocols used today aren't even IETF protocols. But getting this right would clearly be beneficial, if only to get rid of those annoying hacks that wifi hotspots use for authentication and payment.