On Sun, 2004-04-25 at 17:37, Pekka Savola wrote: > Just clarification... > > On Fri, 23 Apr 2004, Gert Doering wrote: > > On Fri, Apr 23, 2004 at 02:37:49PM -0700, Alain Durand wrote: > > > Would ISP be willing to deploy IPv6 tunnel service in this > > > non-authenticated mode > > > on production networks? > > > > Good question. We certainly are not interested in providing > > non-authenticated (= anonymous?) tunnel services. > > > > We want/need to be able to backtrace abuse, and (unless I overlook > > anything) this can only be done if we know who setup the tunnel. > > The "non-authenticated mode" -terminology is confusing, I think. It > would be better if we'd be able to find something else. I would call that "Anonymous". But I would provide the 'client' with a cookie or something similar so that they can pass the cookie to you when they come back and thus allowing them to get the same prefix they had before. > The question is: would ISPs in general be willing to host a "try-out > service" which dependended only on the source IPv4 address of the > hosts? > > In other words, would: > 1) IPv4 source address identification be sufficient for ISPs offering > this "try-out tunneling" to their own customers _only_, and This indeed works for most ISP's. They can do this by filtering based on the request made or simply by putting a firewall on the service endpoint and thus filtering out anything unwanted. > 2) same as above, but also to the outsiders (compare to public 6to4 > relays, but with IPv6 addresses from your pTLA). Anonymous is done by many ISP's already, at least if you look at a TB being a anonymous service; Freenet6 is probably the best answer here. > My guess is that for 1), the answer would be generally "yes", and for > 2) generally "no". Correct. > (That's host we as a NREN would probably react.) > > The similar questions could be asked about the "authenticated" mode as > well, of course. I have a huch that the responses would be similar, > except in a few special cases. It actually all depends on one simple thing: money. If an authenticated user does pay why shouldn't you give service to them even if it is somewhere else. Though such policies are mostly ISP based. Greets, Jeroen
Attachment:
signature.asc
Description: This is a digitally signed message part