Pekka,

> I completely agree.  Additionally, I'd like to see an
> infrastructureless solution to be used anywhere possible.
> Why?  Basically because an infrastructureless solution means
> that we can make it to work with zero configuration, while
> any infrastructure necessarily needs that either the initial
> credentials must be configured or that new nodes must learn
> the credentials of the infrastructure through "leap of faith".
>

In general, if I am a network service provider, then I have a
strong business interest in maintaining good service in my network.
Since I am paying for the routers, wires, electricity, etc., and my
customers are paying me for the service, I want to make
sure I've got control over the quality of IP service that gets
delivered, so I can deliver good service to my customers.

This is not like the MIP BU security problem where there is
no infrastructure for authenticating across the Internet. There is, in
fact, an extensive infrastructure that is available, both technological
(in NASes and AAA servers) and business/societal (in roaming
agreements and billing reconciliation) for ensuring that the host
that gets on the network is who they say they are, and that they
pay for the service they use. This infrastructure is thus leverageable
for authenticating that the host that gets on the network has the right
to claim a particular identity. What's needed yet, and what we've
proposed in ABKs, is a way for other hosts to validate that claim, and
for a host to validate the claim of a router in that regard after the
initial entry into the network. The note that Markku sent regarding use
of IPsec seemed like it might have the same properties (but the
details need to be worked out).

So, the upshot of what I am saying is that I believe this is not a
purely technical problem. There are sociological and business aspects
of it that suggest a solution which leverages off the existing
authentication/business infrastructure is likely to be more of interest
to existing ISPs and future wireless ISPs.

Now, that said, I agree that an infrastructureless solution may be of
interest in some circumstances. It may even be of interest to ISPs,
if the details are right. But I don't think there will ever be a case
where an ISP will let a host on their network without requiring
some kind of authentication as to the right of that host to use
the network (unless, of course, the ISP is giving away the
service).

            jak

--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page:                      http://playground.sun.com/ipng
FTP archive:                      ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
