Dual stack hotspot/captive portal
christian at kuhtz.com
Thu Feb 24 06:12:12 CET 2011
Maybe I misunderstand your point, but how is that any different from today on a client attached to open service set and using a captive portal?
If you want last mile protection, nothing other than 802.1x or IPSEC tunnel to start encryption will do. And maybe Hotspot 2.0 will make that more palatable in the not too distant future. That is at least what you can probably expect from the carrier community on this point -- and another topic altogether that has nothing to do with IPv6.
Sent from my Android phone with K-9 Mail. Please excuse my brevity.
Mikael Abrahamsson <swmike at swm.pp.se> wrote:
On Wed, 23 Feb 2011, Marc Blanchet wrote: > I thought we were talking about hotspot with captive portal which > suggests public places with not the same level of security requirements > as an enterprise network. Not protecting users from man-in-the-middle attacks and session hijackings is really bad business practice. You need to protect the users MORE in that kind of environment than on an enterprise LAN. The most adverse environment securitywise is the role of an ISP, not the enterprise. > To me, captive portals are just fine with router advertisements and I > don't see real need for DHCPv6. However, DHCPv6 can be a solution in > this environment, but there is currently some lack of clients > implementations. That might change in a not so distant future. However, > if one wants to do it right now, and it is for the general public, I > guess RA are probably more simple than DHCPv6, given all implementations > support RA. You use RAs always, even in DHCPv6. You probably mean SLAAC. And I would design it so that people with DHCPv6 support get IPv6, if they don't, they don't get IPv6. No SLAAC allowed. I guess we can agree to disagree. -- Mikael Abrahamsson email: swmike at swm.pp.se
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the ipv6-ops