
RE: "non-authenticated" tunneling [Re: draft-durand-v6ops-assisted-tunneling-requirements-00.txt]



I have one comment on this thread. 

The discussion seems to look at the transition mechanism
in isolation. I.e., whether the mechanism is authenticated
or not, and based on that we seem to be deciding whether 
it's useful for ISPs to deploy such mechanisms. 

There is a typical flaw in concentrating on the mechanism
without considering the context. I thought that one of the
reasons for considering specific scenarios was to avoid 
that flaw. For instance, a mechanism itself may be "unauthenticated", 
but that doesn't mean that when it gets used in a network
that assumes secure access and user tracking it's still
considered unauthenticated. ISPs may already have existing 
tools in their network to augment the security "deficiencies"
of a particular mechanism. 

The danger of going down this track is that we might duplicate
work done somewhere else without providing additional benefits
to certain scenarios. I.e. if the default is "make no assumptions
about the context" we could end up with solutions that are
overcomplicated in some scenarios.

So I think this discussion is more useful when considering
specific cases. 

Hesham

