Charles Clancy wrote: > Often switching to a mutually-authenticated EAP method is not viable, > because there is no enrollment capabilities, i.e. you can't sign up new > users without giving them a web GUI to type in their credit card > information. If hotspot deployers had a server-authenticated EAP method > that tied a client's MAC address to a particular set of keys, they could
... lose a lot of users. People log in from different machines, and understand "name + password == access". > then decide whether that user could access the Internet based on whether > or not they had signed in to a web portal or not. Companies are deploying these solutions today. They're obtain some acceptance, but in the enterprise area, rather than in Hotspots. > This approach would go a long way toward improving security in many > wireless networks. I think it would be extremely useful in hotels, > universities, coffee shops, etc. It might be useful to think about some > requirements for these scenarios too, and kill two birds with one stone. Seamless roaming is very, very, difficult to implement correctly. There are just too many bit players who lack the capability to do anything other than to bill users. Alan DeKok. _______________________________________________ Emu mailing list Emu@ietf.org https://www1.ietf.org/mailman/listinfo/emu
