
[no subject]



How does what you have in mind compare/relate to the above draft?


> 
>> I'm not sure
>> what exactly you mean by "secure interface", but based on my reading of the
>> draft the only security is for protecting this protocol's packets between
>> the AP and the AR. And this is not an additional feature but a requirement
>> on the protocol.
> 
> Correct - that is the secure interface I mentioned. It is assumed that
> the user will protect his/her own traffic... and that the AR will
> enforce whatever policy it has defined. LWAPP was not intended to
> replace end-to-end security, but securing that interface *is* a
> requirement, not an additional feature. A malicious AP can do very nasty
> things to an AR.
> 
>>> 
>>> Further, the market has made it pretty clear that they no longer want
>>> smart APs that have to be managed individually. They want a central
>>> point of control, with remote interfaces. But this is a market issue,
>>> not a standards one.
>> 
>> This makes sense. But is there any difference between your proposed protocol
>> and SNMP in this context?
> 
> Sure, let me explain.
> 
> What we've heard from our customers is that they are tired of managing
> APs scattered throughout their networks (oh, and it's clear the industry
> is moving in this direction, these are not just my own ramblings). The
> issue with SNMP in the AP is that it does require the administrator to touch
> the device. People want a secure plug and play solution. If SNMP is on
> the box, you must configure the community string (and user in the case
> of v3), and this security relationship is one that must be administered
> over the course of the device's lifetime. The market is pretty clear in
> the fact that it wants an AP that can auto-discover ARs and establish a
> security relationship w/o any administrator involvement. The draft's use
> of certificates provides this feature, but I agree that a shared secret
> mechanism should probably be defined as well.

If I'm understanding this right, the problem is that SNMP does not know how
to use certificates for authentication.... I don't know how hard it is to
solve this if it is needed as you described....

alper


> 
> PatC
> 
> _______________________________________________
> Seamoby mailing list
> Seamoby@ietf.org
> https://www1.ietf.org/mailman/listinfo/seamoby
>
