Iljitsch,

> Let's start with the last question first: there is no discussion of
> IEEE 802.1x and why that would be insufficient here. Both drafts seem
> to be written to make things as easy as possible on the DSL service
> providers and their vendors without much consideration for the
> migration issues this would impose on end-users. DHCP clients are
> generally not a user serviceable part in the most popular operating
> systems and home gateways. This makes using something that is
> available today, such as 802.1x, highly preferable.

802.1x has been one of the other options on the table in DSL Forum,
and I think they even sent a similar question to IEEE as they did
earlier to us. I don't know if the IEEE responded about 802.1x. In any
case DSL Forum is saying that their preferred solution is based on
DHCP.

> The other thing that is missing in action is IPv6. I think it's
> irresponsible to deploy any new technology that's IPv4-only at this
> point in time. For this reason, too, it's highly preferable to use a
> non-IP based authentication protocol.

Presumably you could develop the same feature for both IPv4 and IPv6
DHCP. However, IPv6 also has other address configuration mechanisms,
so clearly this could not be used for preventing access to those. In
the case that the DSL Forum is looking at, that does not seem to
matter, however, because in their environment DSL home router and BRAS
would communicate via DHCP only. Presumably in IPv6 they would use
prefix delegation.

> There is some discussion in one of the drafts about what the client
> would be, but the discussion is not very illuminating. In my
> experience, there are two ways of connecting to DSL networks: with a
> simple modem, that doesn't do much except some protocol translation,
> and with a home gateway/router with the modem function built in. In
> the former case, the modem generally passes authentication protocols
> through more or less transparently, so any device connected to the
> modem, such as a PC or a home gateway/router without the modem
> function built in, will have to engage in authentication directly. In
> the case of the integrated home gateway, the authentication
> credentials would be configured on the gateway and client PCs wouldn't
> have to run the authentication protocol.

I believe they are looking at the second case. Clearly, expecting new
support from hosts would be very problematic for deployment.

Jari

_______________________________________________
Int-area mailing list
https://www1.ietf.org/mailman/listinfo/int-area
