[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: comment on unmanaged analysis presentation/doc
Erik Nordmark wrote:
> While I won't comment on TSP vs. some other way of explicitly configuring
> tunnels, I'll make a more general comment.
I don't know what other ways you have in mind, but as a technologist I must
admit that I do see merits in the TSP approach.
> I'm very concerned about trying to fully automate tunnel setup (whether
> over IPv4 NATs or just plain old IPv4) due to the trust and security issues.
> Thus I think it makes sense to have an authenticated and properly authorizable
> tunnel establishment method that can work whether or not there is an
> IPv4 NAT in the path.
I think we will soon need to be careful about how we define the term
"automatic tunnel". Marc Blanchet has introduced a new term "semi-automatic"
tunnel into the discussion to refer to the process of automating configured
tunnel setup (am I representing this properly, Marc?)
I have been struggling with the cumbersome terminology this imparts, i.e.,
we now have "semi-automatic configured tunnels" and we may one day also have
"semi-automatic-automatic tunnels". It might help to look to the characteristics
of the two different mechansims:
"Configured" tunnels, as we know them today, are (in part) defined to
"...behave as virtual point-to-point links" [MECH, 1.1]. "Automatic" tunnels,
as we know them today, are understood to behave as virtual point-to-multi-
point links. But, both point-to-point and point-to-multipoint virtual links
may benefit from "semi-automatic" explicit configuration mechanisms such as
> The operational model for this is that the user establishes a trust
> relationship with the tunnel provider and uses this to establish and maintain
> the tunnel automatically.
My individual submission entitled "ISATAP interactions with TSP" explores
possible benefits for using TSP with ISATAP, including exactly the sort of
trust relationship you describe above. It is possible that these same benefits
may extend to the general case of point-to-multipoint virtual links, but I'm
not prepared to make any claims in that regard. The draft can be found at:
> I think this can be made really simple but yet secure.
As above, as a technologist I admit that I do see merits in this approach.