Dave Thaler wrote, around 18/8/07 3:23 AM:
-----Original Message-----
From: Wojciech Dec (wdec) [mailto:[EMAIL PROTECTED]
Sent: Friday, August 17, 2007 5:37 AM
To: Dave Thaler; Alper Yegin; Internet Area
Cc: Dhc Chairs
Subject: RE: [Int-area] DSL forum liaison statement on subscriberauthentication
-----Original Message-----
From: Dave Thaler [mailto:[EMAIL PROTECTED]
Sent: 15 August 2007 23:24
To: Alper Yegin; Internet Area
Cc: Dhc Chairs
Subject: RE: [Int-area] DSL forum liaison statement on subscriberauthentication
-----Original Message-----
From: Alper Yegin [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 15, 2007 1:31 PM
To: Dave Thaler; 'Internet Area'
Cc: 'Dhc Chairs'
Subject: RE: [Int-area] DSL forum liaison statement on subscriberauthentication
[...]
2) Is the problem about authenticating access to the local link, or
about authenticating access to the network behind the L3 edge device?
I think it is both.
If it is both, and the link is capable of carrying non-IP traffic (like
Ethernet is), then a L3 solution would be particularly inappropriate.
WT-146 provided by DSLF is all about "IP sessions." So, I presume non-IP
traffic is out of scope.
[...]
Yes I think that's a fundamental problem. They're not
considering the larger issues, and as a result some are
asking for a poor solution.
While theoretically other protocols may be possible, practically DSL
service operators support only IP traffic for residential users, and a
majority of business L3 services too. As such the solution requested for
this space is precisely for that, no more, no less.
I think there is some confusion here, perhaps on my part (which is why I
was asking the questions).
Since we agree that there can be two machines of the same subscriber on
the same link, in at least one of the models supported by WT-146 and
IPAuth-18, what _prevents_ those two machines from using a protocol
other than IP?
By this you seem to be talking about two devices behind the home
gateway, which assuming it is some Ethernet switch, they should have no
problem talking to each other in a protocol other than IP. It's when
you look at service provided by the service provider on the other side
of the home gateway when the assertion is made that the service provider
is only providing an IP service.
And since we agree that there can be two subscribers on the same shared
link, in at least one of the models supported by WT-146 and IPAuth-18,
what _prevents_ those two subscribers from using a protocol other than
IP?
Well the would of the WT-146 effort is about defining the ability to
give service at a greater than port granularity but one should remember
that underlying the IP Session is a port to which services are bound.
So the answer to your question is the service definition by the Service
Provider is for an IP service explicitly and they do want to prevent
people running random protocols over the layer 2 network. These layer 2
networks can be 200 K in size and you need to have security and control
on session behaviour in networks of that size.
In short I read IPAuth-18 as saying port is part of the session
definition. So a session is for a Port+IP.
- Ric
-Dave
_______________________________________________
Int-area mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/int-area