>>> (6) A personal comment is that this proposal specifically allows
>>> for the creation of walled gardens in service provision. That's
>>> something an IAB workshop warned about some years ago
>>> (RFC 3002 section 4.2), although mainly with respect to network
>>> provision. The community might want to consider whether there's a
>>> deeper issue than just the technical merit of this draft.
>>
>> Well.. that is of course possible if some operator wants to do so.
>
> Right, and I'm not saying the IETF can forbid this. I think it's
> something the IETF should be aware that it's allowing, however.
> So excuse me if I forward this part of my review as a public
> Last Call comment. I *do* appreciate this:
>
>    o In absence of a specifically indicated service the home agent MUST
>      act as if the default service, plain Internet access had been
>      requested. There is no absolute requirement that this default
>      service be allowed to all subscribers, but it is highly
>      RECOMMENDED in order to avoid having normal subscribers employ
>      operator-specific configuration values in order to get basic
>      service.

The walls are indeed something to be concerned about (and I have yet to see that garden anywhere...) However, it is also a fact that there is a need to provide connectivity to a particular network (such as a corporate network) and that providers see this as a lucrative service for them to offer. It is also a fact that different security policies and firewalls are needed under different circumstances. All of these things can be achieved today, but at a greater cost for the providers and lesser capabilities for the mobile nodes to affect the choices. So I think we need to provide functionality in this space.

The statement that you quote above is in the document due to some fairly spectacular failures of past arrangements. I would be interested in adding similar statements that make recommendations about how and for what purpose service separation should occur, and what some of the potential issues are.

For instance, my phone as currently configured works great with the entire Internet, but fails to work with some operator services, because the operator decided in their great wisdom to offer those services only in a separate network. My phone can deal with multiple networks easily, but it's almost impossible for a non-expert to get the config right, and even experts get them wrong in many cases -- in my case I used the config scripts from the operator as-is, and they still got it wrong by connecting me only to the Internet.

Jari
