[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Opportunistic Tunneling
-- Monday, February 23, 2004 11:19:16 +0200 Pekka Savola
<pekkas@netcore.fi> wrote/a ecrit:
> On Fri, 20 Feb 2004, JORDI PALET MARTINEZ wrote:
>> > Responding a to few points you raised..
>> >
>> > On Tue, 17 Feb 2004, JORDI PALET MARTINEZ wrote:
>> > > I believe proto-41 is also one of the proposals on the table for
>> > > both unmanaged and 3GPP.
>> > >
>> > > For example, TSP can make use of it. We also have a Tunnel Broker
>> > > implementation that does.
>> >
>> > Note that while proto-41 forwarding is probably useful in e.g.
>> > unmanaged scope in general, it is not really applicable to this
>> > specific topic, "opportunistic tunneling", where the tunneling is
>> > autoomatic, and requires no supporting ISPs. E.g., tunnel brokers are
>> > out of scope for this topic.
>> >
>> > Ignoring proto-41 however...
>>
>> It will depend on what we consider "opportunistic". For me is clear
>> that we can have tunnel brokers that work like 6to4, i.e., no user
>> registration. Then you use proto-41 (or other means) ... also TSP
>> here can play the game, if no user authentication is required.
>
> I guess this could be possible in theory. User authentication will
> probably always be there, though. The user and the ISP have to set up
> some kind of authentication to ensure that nobody else can hijack the
> tunnel, at least -- not considering the non-technical requirements,
> such as the economic (non-incentive) for deploying such an anonymous
> tunnel service, which would probably lead to a lot of trouble in the
> long run (abuse reports from your netblock, increased traffic ~=
> bigger payments to your transit operators, etc.).
in TSP anonymous mode, one can filter TSP requests to his own autonomous
system. This is really just a management function, not related to the TSP
protocol itself.
in TSP authentication mode, then the AAA database is used.
>
> So, this approach would seem to have both technical and non-technical
> constraints why its feasibility is a bit questionable.
TSP is deployed live in many organisations at this point.
Marc.
>
> --
> Pekka Savola "You each name yourselves king, yet the
> Netcore Oy kingdom bleeds."
> Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
>
>
------------------------------------------
Marc Blanchet
Hexago
tel: +1-418-266-5533x225
------------------------------------------
http://www.freenet6.net: IPv6 connectivity
------------------------------------------