On Fri, 5 Oct 2007, Maglione Roberta wrote:
> As a Service Provider I can say that architecture considerations
> done in DSLF are mainly driven by the evolution of the already
> deployed solutions for IP Sessions: in fact, in order to gradually
> migrate from PPP based to IP based Sessions many SP's today already
> use a naïf form of identification/authentication based on line ID
> carried on DHCP w/option 82. Using DHCP w/option 82 as credential
> for authentication lacks in flexibility because line ID is
> automatically inserted by the Access Node and restricts the
> authentication to the DSL Line so it does not allow performing
> authentication based on username and password, ...

One thing has been bugging me for a while. Why exactly is
username/password authentication useful in this context?

In some cases it's probably worthwhile to tie some special
configuration (e.g., if the customer has a fixed IP address [can also
be achieved in DHCP server configs] or an associated static route --
these are mainly for power users, SOHOs and SMEs) to the specific
customer. Line identification is in many cases sufficient here.

However one potential advantage is that with user/pass auth the user
could take his DSL modem, plug it in to some other part of the network
and get his personal configuration with no config changes at the ISP
end.

But at least so far (e.g., with ATM based DSL systems) I've seen that
such transparent moving doesn't work as the ISPs need to configure
something (not sure what exactly) on their systems in any case. So,
unless technology has changed so that transparent moving can be
supported without config changes, it's not clear how much user vs line
identification matters.

Because probably 95% or 99% of customers have no special
configuration, i.e., every bulk user is configured the same way, I see
little reason why username/password authentication would be useful.
It seems to mostly be a relic of the old "PPP" based thinking.

Am I missing something?

--
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
_______________________________________________
Int-area mailing list
https://www1.ietf.org/mailman/listinfo/int-area