Re: Tunnel Set-up requirements: Issue to be resolved
> IMHO a protocol doing this MUST not rely on an external mechanism.
But later you say that referring to a website for registration is ok.
Perhaps we mean different things by "external mechanism".
I think it is fine to have the tunnel set-up return a
"please register at www.example.com/register" as you suggest,
and that is what I call "external".
So I suspect we agree on this point.
I don't know if the "direct" is that useful. You effectively end
up carrying a subset of html when you do this; it is simpler just
to refer to a URL.
(And there might be non-technical reasons for an ISP wanting a URL for
registration; they can have banner ads for their ADSL service etc.)
One question:
For the [registered user, aka one with an account] you are describing
something that looks like a full authentication exchange, which opens
up the door to questions like "are we encapsulating EAP over the tunnel
setup protocol? or SASL?".
Do you see this strong authentication as a requirement?
Or do you think it is sufficient to have the registration result in
some "key/tag" where presenting that key/tag in the clear in the tunnel setup
protocol is sufficient?
Erik