RE: comment on unmanaged analysis presentation/doc

[Marc Blanchet <Marc.Blanchet@viagenie.qc.ca>]

-- vendredi, septembre 20, 2002 11:53:28 +0200 Erik Nordmark
<Erik.Nordmark@sun.com> wrote/a écrit:

>> Marc did explicitly ask that TSP be a v6ops mechanism for discussion.
>> 
>> To address that question with my input.
>> 
>> I believe TSP is an important tool for users.  I believe we can begin
>> work on this tool within v6ops and support it being worked on within
>> this list.
>> 
>> Others should respond here with your opinion and this is important per
>> Margarets talk  today.  One way or the other.
> 
> While I won't comment on TSP vs. some other way of explicitly configuring
> tunnels, I'll make a more general comment.
> 
> I'm very concerned about trying to fully automate tunnel setup (whether
> over IPv4 NATs or just plain old IPv4) due to the trust and security
> issues. Thus I think it makes sense to have an authenticated and properly
> authorizable tunnel establishment method that can work whether or not
> there is an IPv4 NAT in the path. 

that is _exactly_ what tsp is doing.

Marc.

> 
> The operational model for this is that the user establishes a trust
> relationship with the tunnel provider and uses this to establish and
> maintain the tunnel automatically.
> 
> I think this can be made really simple but yet secure.
> 
>   Erik
>