
Re: TSP (draft-blanchet-v6ops-tunnelbroker-tsp-00) comments



On Sun, 29 Feb 2004, Marc Blanchet wrote:
> > Thanks for updating the spec -- it has been a long time :).
> 
> (well, v6ops was not supposed to work on protocols... ;-)))

But individuals are welcome to :-)

> > The user is expected
> > to give an IP address, which (supposedly) is used to identify the user.
> 
> no. IP address is used to create the tunnel on both ends. User
> authentication is used to identify the user. 

Ok -- I think the problem is that the document does not describe anything
other than which authentication mechanisms are used -- nothing about what
key/account material or procedures are used prior to the mechanical
authentication algorithm use.

> > 4) SASL doesn't work with UDP, so my guess is that the whole UDP 
> > signalling must have been some kind of glitch in the spec.
> 
> I will improve in next version. (it works, I'm using it every day...)

Hmm.. unless I looked at it wrong, the SASL spec disagrees with you
:-).

> > 3. Advantages of TSP
> > 
> >    o  A signaling protocol to establish the tunnel: no need to change
> >       kernels, routing...
> > 
> > ==> I do not understand what you mean by this advantage.  Perhaps you
> > should elaborate or reword.
> 
> ok. what was meant is that it is "just" a signaling protocol: it is on the
> control plane. No modifications needed elsewhere.

UDP encapsulation, at least, is a (minor) modification.

> >    Automation of the prefix assignment and DNS delegation, done by TSP,
> >    is a very important feature for a provider in order to substantially
> >    decrease support costs.  The provider can use the same authentication
> >    database that is used to authenticate the IPv4 users.
> > 
> > ==> there is not even a hint how TSP could use the same databases as with
> > v4 authentication :-)
> 
> ok. answer was "radius"... Will add.

and which attributes, etc -- I think some details are needed so that 
this could work interoperably.

-- 
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings