
"non-authenticated" tunneling [Re: draft-durand-v6ops-assisted-tunneling-requirements-00.txt]



Just clarification...

On Fri, 23 Apr 2004, Gert Doering wrote:
> On Fri, Apr 23, 2004 at 02:37:49PM -0700, Alain Durand wrote:
> > Would ISP be willing to deploy IPv6 tunnel service in this 
> > non-authenticated mode 
> > on production networks? 
> 
> Good question.  We certainly are not interested in providing 
> non-authenticated (= anonymous?) tunnel services.  
> 
> We want/need to be able to backtrace abuse, and (unless I overlook 
> anything) this can only be done if we know who set up the tunnel.

The "non-authenticated mode" -terminology is confusing, I think.  It 
would be better if we'd be able to find something else.

The question is: would ISPs in general be willing to host a "try-out 
service" which depended only on the source IPv4 address of the 
hosts?

In other words, would:
 1) IPv4 source address identification be sufficient for ISPs offering 
    this "try-out tunneling" to their own customers _only_, and

 2) same as above, but also to the outsiders (compare to public 6to4 
    relays, but with IPv6 addresses from your pTLA).

My guess is that for 1), the answer would be generally "yes", and for 
2) generally "no".

(That's how we as a NREN would probably react.)

The similar questions could be asked about the "authenticated" mode as
well, of course.  I have a hunch that the responses would be similar,
except in a few special cases.

-- 
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings