Clarifying...
> > 1. What were your design considerations in regards to putting the
> > authorization info and server on the firewall itself? The
> > alternatives are harder, but strike me as possibly more secure
> > than putting such important stuff on boxes whose physical
> > security cannot be assured.
>
> In a typical setup, no sensitive information is stored on the firewall
> machine (or gateway, as we call it), so I'm afraid I don't understand
> your question.
From the NoCat whitepaper:
| -The Client then makes an HTTPS POST request to the Authentication
| Service (probably via an SSL enabled browser.) The POST request
| includes the member's login, password, and optional MAC address
| information.
| -The Authentication Service validates the request, and returns an
| appropriate response to the Client.
My impression was that the NoCatAuth process verified this
login-password-MAC thing, and so would need to store....something?
> > 2. Any thoughts about HereUAre.com? I met with them last year
> > down in Santa Clara, CA., though nothing came of it.
> Don't know anything about it, but last we heard they were trying to
> make money on a public radio band, so we weren't especially interested.
So radios and radio silicon are okay to sell, but not radio
service? :*) Not trying to bait you here -- I'm a big proponent of
public-access 802.11 hotspots. So much so that I wish it could move
at the velocity of something driven by capitalism rather than altruism.
> > 3. I was curious if you've looked at LaBrea at all, to tarpit the
> > unused IPs on the WLAN until someone authenticates with your
> > NoCatAuth.
>
> Never looked at it before you mentioned it, but I'd say it's basically
> outside the scope of our project. Other wireless groups have expressed
> an interest in RIDS, to prevent luser antics on the wireless network,
> and our attitude is basically the same. We do require transparent port
> forwarding on the gateway firewall, however.
From my perspective, I see 'theft of service' as, well, the
point of any authentication scheme. Perhaps my perspective isn't
that aligned with NoCat's?
Thanks again!
-Scott
_______________________________________________
Leaf-devel mailing list
https://lists.sourceforge.net/lists/listinfo/leaf-devel