Re: TSP (draft-blanchet-v6ops-tunnelbroker-tsp-00) comments

[Florent Parent <Florent.Parent@hexago.com>]

--On Monday, March 01, 2004 00:43:11 +0200 Pekka Savola <pekkas@netcore.fi> 
wrote:

> On Sun, 29 Feb 2004, Marc Blanchet wrote:

snip...

> > no. IP address is used to create the tunnel on both end. User
> > authentication is used to identify the user.
>
> Ok -- I think the problem is that the document does not describe other
> than which authentication mechanisms are used -- nothing at what
> key/account material or procedures are used prior to the mechanical
> authentication algorithm use.

understood. Will add in next rev.

> > > 4) SASL doesn't work with UDP, so my guess is that the whole UDP
> > > signalling must have been some kind of glitch in the spec.
> >
> > I will improve in next version. (it works, I'm using it every day...)
>
> Hmm.. unless I looked at it wrong, the SASL spec disagrees with you
> :-).

SASL spec supports "connection-based protocols". Using UDP requires you to 
establish and maintain a "connection" for the duration of the 
authentication exchange and tunnel setup.

This will be explain in the next rev., along with the "reliable UDP" stuff.

snip...

> > > ==> there is not even a hint how TSP could use the same databases as
> > > with v4 authentication :-)
> >
> > ok. answer was "radius"... Will add.
>
> and which attributes, etc -- I think some details are needed so that
> this could work interoperably.

agreed. Will add.

Florent