[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: draft-durand-v6ops-assisted-tunneling-requirements-00.txt

Hi Alain,

See my comments in-line.

Regards,
Jordi

----- Original Message ----- 
From: "Alain Durand" <Alain.Durand@Sun.COM>
To: "JORDI PALET MARTINEZ" <jordi.palet@consulintel.es>
Cc: <v6ops@ops.ietf.org>
Sent: Thursday, April 15, 2004 1:10 AM
Subject: Re: draft-durand-v6ops-assisted-tunneling-requirements-00.txt


> 
> On Apr 14, 2004, at 2:37 PM, JORDI PALET MARTINEZ wrote:
> 
> > Hi Alain,
> >
> > I provide some new comments in-line.
> >
> > I noticed that in 7.2 you kept "simple mode", probably should be 
> > changed to "non-authenticated" to avoid confusions.
> 
> 
> Initially,  section 4 was 'simple mode' and was renamed 'non 
> authenticated mode' by reference
I know ;-)

> to the fact that no specific authentication was required.
> This is a left over from that time, thank you for pointing it.

> 
> Since then, others made the comment that is this mode is restricted to 
> the IPv4 ISP customers,
> there is already some kind of authentication in place at the IPv4 
> layer, thus calling this
> 'non authenticated' is a bit of a misnomer...

I'm not sure to catch this, but let me try ...
Well, in my opinion it depends on the usage done by each ISP deploying it. Some could be willing to keep the service open (even to non-own customers, as today happens with lot's of TBs). Following this rationale, this could support a kind of "anonymous" users (those that access the system with "anonymous/anonymous" user/password ?) or even supporting a mode that doesn't require for sending ANY user/password, right ? I still believe non-authenticated is fine in that case.

> 
> Any suggestion for a alternate name would be welcome.

But if we are sure that we want to force a kind of "anonymous" authentication (request all the time a user/password but it could be anonymous/anonymous), then an alternative name could be "anonymous mode".

But may be entering in this kind of discussion is going too much further for a requirements document and should be part of the protocol itself ?

> 
> Actually, this raises another point. Are both modes (authenticated and 
> non-authenticated) necessary?
> Will ISPs be willing to deploy such tunnels in the mode described in 
> section 4. especially
> in light of the security considerations discussed in section 4.4?

I think so. Actually is happening, and I feel is still important to allow it in the future to facilitate the deployment.

> 
> Any feedback on this topic from operational ISP people would be greatly 
> appreciated.
> 
> - Alain.
> 
> 
> 


**********************************
Madrid 2003 Global IPv6 Summit
Presentations and videos on line at:
http://www.ipv6-es.com

This electronic message contains information which may be privileged or confidential. The information is intended to be for the use of the individual(s) named above. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, including attached files, is prohibited.