Re: TSP (draft-blanchet-v6ops-tunnelbroker-tsp-00) comments
On Sun, 29 Feb 2004, Marc Blanchet wrote:
> > Thanks for updating the spec -- it has been a long time :).
>
> (well, v6ops was not supposed to work on protocols... ;-)))
But individuals are welcome to :-)
> > The user is expected
> > to give an IP address, which (supposedly) is used to identify the user.
>
> no. IP address is used to create the tunnel on both ends. User
> authentication is used to identify the user.
Ok -- I think the problem is that the document does not describe anything
other than which authentication mechanisms are used -- nothing about what
key/account material or procedures are used prior to the mechanical
authentication algorithm use.
> > 4) SASL doesn't work with UDP, so my guess is that the whole UDP
> > signalling must have been some kind of glitch in the spec.
>
> I will improve in next version. (it works, I'm using it every day...)
Hmm.. unless I looked at it wrong, the SASL spec disagrees with you
:-).
> > 3. Advantages of TSP
> >
> > o A signaling protocol to establish the tunnel: no need to change
> > kernels, routing...
> >
> > ==> I do not understand what you mean by this advantage. Perhaps you
> > should elaborate or reword.
>
> ok. what was meant is that it is "just" a signaling protocol: it is on the
> control plane. No modifications needed elsewhere.
UDP encapsulation, at least, is a (minor) modification.
> > Automation of the prefix assignment and DNS delegation, done by TSP,
> > is a very important feature for a provider in order to substantially
> > decrease support costs. The provider can use the same authentication
> > database that is used to authenticate the IPv4 users.
> >
> > ==> there is not even a hint how TSP could use the same databases as with
> > v4 authentication :-)
>
> ok. answer was "radius"... Will add.
and which attributes, etc -- I think some details are needed so that
this could work interoperably.
--
Pekka Savola
Netcore Oy
Systems. Networks. Security.
"You each name yourselves king, yet the kingdom bleeds."
-- George R.R. Martin: A Clash of Kings