In your previous mail you wrote:

   Seriously, I believe that most of the requirements can be met pretty
   easily. You need to design a protocol that starts with a formal
   handshake, probably similar in nature to the PPP control protocol:

=> are you suggesting to use the UDP optional encapsulation of
the FreeBSD/OpenBSD user-mode PPP tool (aka http://www.Awfulhak.org/ppp.html)?
It has no IPv6 support but this is easy to fix (some patches are already
available for previous versions). This can do the job for BSD boxes
(so we had only to do this for Linux (port) and Windowses (someone
from Microsoft :-)).

   provide credentials in a format that is compatible with a Radius
   back-end. You want the handshake to be at least a three-way handshake,
   so as to ensure that the connection actually works. You may want to
   negotiate something like ESP or TLS.

=> I am strongly in favor of ESP because TLS protected connections are
too easily killed by junk RSTs (not a real problem for the web but
here we'd like to get long term connections).

   As Francis points out, once the
   connection is set and the identities have been validated, then we
   probably are home free -- use autoconfig if needed, use NUD, etc.

=> IPv6 has a superior design, just be convinced ourselves (:-)!

Thanks
[EMAIL PROTECTED]
PS: BSD user PPP uses synchronous serial line encapsulation for UDP
(i.e. the IP packet is put directly into a UDP packet) and asynchronous
one for TCP (i.e. TCP provides an octet stream). This seems reasonable
and simple (maximal reuse of the code for serial lines).
--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
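
Added example, not part of the original mail and not code from the user-mode PPP tool: a sketch of why the TCP case in the PS needs asynchronous framing while a UDP datagram can carry the packet as-is. It assumes the asynchronous encapsulation is the HDLC-like framing of RFC 1662 (flag 0x7E, escape 0x7D, FCS-16) with all control characters escaped; the sample frames are constructed.

```python
FLAG, ESC, XOR = 0x7E, 0x7D, 0x20

def fcs16(data: bytes) -> int:
    """RFC 1662 FCS-16: reflected polynomial 0x8408, init and final XOR 0xFFFF."""
    fcs = 0xFFFF
    for byte in data:
        fcs ^= byte
        for _ in range(8):
            fcs = (fcs >> 1) ^ 0x8408 if fcs & 1 else fcs >> 1
    return fcs ^ 0xFFFF

def async_frame(payload: bytes) -> bytes:
    """Octet-stuffed frame for a byte stream (TCP, serial line)."""
    body = payload + fcs16(payload).to_bytes(2, "little")  # FCS goes out LSB first
    out = bytearray([FLAG])
    for b in body:
        if b in (FLAG, ESC) or b < 0x20:  # assumed default: escape all control chars
            out += bytes([ESC, b ^ XOR])
        else:
            out.append(b)
    out.append(FLAG)
    return bytes(out)

class AsyncDeframer:
    """Recovers frames from stream chunks that may split anywhere."""
    def __init__(self):
        self.buf, self.escaped = bytearray(), False

    def feed(self, chunk: bytes) -> list:
        frames = []
        for b in chunk:
            if b == FLAG:
                # A frame aborted mid-escape or failing its FCS is silently dropped.
                if len(self.buf) >= 3 and not self.escaped:
                    data, fcs = bytes(self.buf[:-2]), int.from_bytes(self.buf[-2:], "little")
                    if fcs16(data) == fcs:
                        frames.append(data)
                self.buf, self.escaped = bytearray(), False
            elif b == ESC:
                self.escaped = True
            else:
                self.buf.append(b ^ XOR if self.escaped else b)
                self.escaped = False
        return frames

def demo():
    # Constructed PPP frames: address 0xFF, control 0x03, protocol 0x0057 (IPv6).
    sent = [b"\xff\x03\x00\x57\x60\x00\x7e\x7d", b"\xff\x03\x00\x57hello"]
    stream = b"".join(async_frame(f) for f in sent)
    rx, got = AsyncDeframer(), []
    for i in range(0, len(stream), 5):  # simulate arbitrary TCP segmentation
        got += rx.feed(stream[i:i + 5])
    return sent, got
```

Over UDP the datagram boundary already delimits each packet, so none of this stuffing or flag scanning is needed there.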