[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Merge NAT-PT approaches?

To: Brian E Carpenter <brian.e.carpenter@gmail.com>
Subject: Re: Merge NAT-PT approaches?
From: Iljitsch van Beijnum <iljitsch@muada.com>
Date: Fri, 28 Dec 2007 14:03:42 +0100
Cc: IPv6 Operations <v6ops@ops.ietf.org>
In-reply-to: <476B373F.8040108@gmail.com>
References: <A720A931-C3D2-42EA-AE52-B9966F6A79A4@muada.com> <476B373F.8040108@gmail.com>

On 21 dec 2007, at 4:47, Brian E Carpenter wrote:

I'm sympathetic to the idea. Bringing in the shim action
only when it's actually needed sounds good in principle.
The devil is in the details, of course, but we can
investigate that off-list if people would like us
to follow this up.


One thing before we jump into specifics:

I don't think reusing parts from shim6 makes a lot of sense forauthentication. There are already several datagram basedauthentication mechanisms, and they can get quite complex. If a hostneeds to authenticate towards a NAT-PT translator, it would be muchsimpler to set up a TLS-protected TCP session and then do simple user/password authentication. Then, the translator can trust all packetscoming from the source address in question, or it can provide the hostwith a session key that can then be used in further shim signaling.

Follow-Ups:
- Re: Merge NAT-PT approaches?
  - From: marcelo bagnulo braun <marcelo@it.uc3m.es>

Prev by Date: IPv6 broadband provisioning
Next by Date: Re: Merge NAT-PT approaches?
Previous by thread: IPv6 broadband provisioning
Next by thread: Re: Merge NAT-PT approaches?
Index(es):
- Date
- Thread