In your previous mail you wrote: => first I have submitted the draft, second I tried to make clear that my proposal relies only on (any kind of) network access control (i.e. anything more that just plug and play). AAA is an implementation option which has extra benefits.
> - As a general rule, I'd like the Internet to use end-to-end > mechanisms more than network assistance. This isn't just > an architectural principle, but it will also ensure that > we can deploy our things without waiting for providers to > catch up. I agree. But I would personally make a stronger statement since I'm concerned with the direction of piling more and more requirements and dependencies on AAA. Thus I think the AAA approach is the wrong one - if we collectively can make AAA/Diameter do the things needed to make Radius more usable => for my purpose Radius is enough (only a new attribute is needed for the home address, a new version of RFC 3162 ?) (reliabiliy, security, some extensibility) I think we've collectively have been successful. Keep piling more stuff on the AAA system and it might very well get too heavy to be able to fly... => I agree but AAA is the only way to provide (one day) remote network access control (*not* necessary but fine). Also, waiting for AAA solutions to be available (specified, implemeted, and deployed) before MIPv6 can be used seems to be counter to our desire to finish up MIPv6 soon. => I never proposed to wait for AAA solutions (as I ask only for network access control, not everywhere but enough to make HAO spoofing unattractive). While I have concerns with using the AAA per above I think the phased approach (where the AAA approach continues to be discussed and further understood) makes sense to me. => have you still concerns with using network access control in a BCP? Regards [EMAIL PROTECTED] PS (for the IPv6 WG list): my draft is about HAO vs ingress filtering, I assume there is a consensus about traditional ingress filtering, i.e. RFC 2827 is applicable to IPv6 (i.e. we don't need another document and we'll get tradition IPv6 ingress filtering (access lists and unicast RPF) support in the next router software version (I apologize if this is already available)). -------------------------------------------------------------------- IETF IPng Working Group Mailing List IPng Home Page: http://playground.sun.com/ipng FTP archive: ftp://playground.sun.com/pub/ipng Direct all administrative requests to [EMAIL PROTECTED] --------------------------------------------------------------------
