> Two of the reasons the DSLF is asking for DHCP Auth to be considered by
> the IETF are that:
>
> (1) PANA does not meet IPAuth-14 "Must allow for authentication and
> download of subscriber service profile before service IP address is
> assigned." IPAuth14 is from the earlier DSLF liaison document to which
> Mark referred.

As others have already explained, PANA can be run using an IP address that is solely configured/assigned for the PANA signaling (e.g., a link-local address, or a short-lease private address, etc.). Once PANA is successful, the client is allowed to configure another IP address, and that'd be your "service IP address." We have already taken this into account in PANA design.

> (2) Standard 802.1x was driven by security between physical Ethernet
> ports. The extension work on 802.1af needed for credentials to traverse
> a DSLAM will not be available in needed timeframes.

...

Coming back to the implementation issue... DSLAMs are already doing DHCP snooping. Introduction of PANA would mean they also need to snoop on PANA now. I don't think this justifies EAP/DHCP standardization at all.

Alper

_______________________________________________
Int-area mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/int-area
