[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: comment on unmanaged analysis presentation/doc



> Marc did explicitly ask that TSP be a v6ops mechanism for discussion.
> 
> To address that question with my input.
> 
> I believe TSP is an important tool for users.  I believe we can begin work
> on this tool within v6ops and support it being worked on within this list.
> 
> Others should respond here with your opinion and this is important per
> Margarets talk  today.  One way or the other.

While I won't comment on TSP vs. some other way of explicitly configuring
tunnels, I'll make a more general comment.

I'm very concerned about trying to fully automate tunnel setup (whether
over IPv4 NATs or just plain old IPv4) due to the trust and security issues.
Thus I think it makes sense to have an authenticated and properly authorizable
tunnel establishment method that can work whether or not there is an
IPv4 NAT in the path. 

The operational model for this is that the user establishes a trust
relationship with the tunnel provider and uses this to establish and maintain
the tunnel automatically.

I think this can be made really simple but yet secure.

  Erik