Re: Handling rogue RA feedback

[Marc Blanchet <marc.blanchet@viagenie.ca>]

Le 07-07-24 à 13:58, Iljitsch van Beijnum a écrit :

> On 24-jul-2007, at 13:30, Tim Chown wrote:
>
> > Any comments on
>
> > http://www3.ietf.org/proceedings/07jul/slides/dhc-5.pdf
>
> > to the v6ops list would be welcome.
>
> Ignoring all the protocol details for a moment, it seems to me that  
> the problem here is sourcing some kind of authentication between  
> the network and the host. There are several mechanisms that allow  
> the network to ask the host/user for credentials:
>
> 1. 802.1x
> 2. 802.11 WPA(2)
> 3. PPP PAP/CHAP
>
> It would make sense to make the authentication work the other way  
> around as well, so you know you're actually talking to the network  
> you think you're talking to

SEND[RFC3971]?

Marc.

> (goodbye man in the middle and rogue access points) and then you  
> can use that authentication data to futher authenticate later  
> stages in the configuration process, such as RAs or DHCP.
>
> The scope of the work required is rather extensive, though, and  
> many of the protocols used today aren't even IETF protocols. But  
> getting this right would clearly be beneficial, if only to get rid  
> of those annoying hacks that wifi hotspots use for authentication  
> and payment.

-----
IPv6 book: Migrating to IPv6, Wiley, 2006, http://www.ipv6book.ca