[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [dhcwg] Discussion of dhc WG rechartering for DHCP authentication

Hi,

I think it is a good idea to extend DHCP for providing subscriber authentication given that other approaches are more complex. I think most of the service providers supply their own Residential Gateways and it is RGs which initiate PPPoE/DHCP. Those who use their modems in plain bridging mode and rely on 3rd party devices (including PCs and other routers) may have to continue with PPP for the migration.  Coming to the alternative approaches

1. PANA needs considerable re-work like PANA snooping on DSLAM to install L2 filters, and PANA support on RG,BNG and also a tweak in the way DHCP functions.
2. There are some deployments which use 802.1x directly and let the DSLAM talk to AAA  and do the authentication. In this case, RG initiates 802.1x and DSLAM acts as authenticator. But it is always preferred to have the authentication done at BRAS than at the DSLAM. So, 802.1x in its current form may not be suitable for all the service providers offering DSL service.

Ofcourse, if 802.1af is available which enables forwarding 802.1x frames to BRAS, then this looks more efficient than changing DHCP. It depends on how long it takes to become a standard.

Thanks,
Pavan Kurapati

________________________________________
From: Ralph Droms [rdroms at cisco.com]
Sent: Wednesday, October 31, 2007 6:43 PM
To: dhcwg at ietf.org
Subject: [dhcwg] Discussion of dhc WG rechartering for DHCP authentication

Second try - still soliciting expert DHCP input (as well as any other
input you might care to provide) from dhc WG members...

There is a lengthy discussion about rechartering the dhc WG to take
on the DHCP authentication proposals in draft-pruss-dhcp-auth-
dsl-01.txt and draft-zhao-dhc-user-authentication-02 in the int-
area at ietf.org mailing list.  Both of these drafts have been submitted
for to the WG for review in the past, and neither, to date, has been
accepted as a dhc WG work iterm.  I've included a copy of the initial
posting, http://www1.ietf.org/mail-archive/web/int-area/current/
msg00957.html, below.  Because this discussion may lead to the
rechartering of the dhc WG to take on either or both of these drafts
as new work items, those of you not on the int-area mailing list
should consider reviewing the e-mail thread and contributing to the
discussion.

- Ralph


=====
To: Internet Area <int-area at ietf.org>
Subject: [Int-area] DCHP-based authentication for DSL?
From: Jari Arkko <jari.arkko at piuha.net>
Date: Thu, 04 Oct 2007 23:22:15 +0300


We talked about the DSL requirements earlier on this list. Now
they have sent us a liaison statement regarding what they would
like to do:

"At this time, we would like to make the IETF aware that during
our most recent DSL Forum quarterly meeting, the Architecture
and Transport Working Group agreed to seriously consider adopting
a mechanism such as that proposed in draft-pruss-dhcp-auth-dsl-01.txt
or draft-zhao-dhc-user-authentication-02. We understand that the authors
of these specifications intend to produce a combined document soon.
The DSL Forum formally requests that the IETF adopt this as a work
item, and would appreciate being advised of progress as soon as
possible.

Our next quarterly meeting is December 10-13, in Lisbon, Portugal."


How do we feel about this? Is this a good idea, considering the DSL
architecture? How will it affect DHCP the protocol? How would
you go about making DHCP extensions so that they work best
for all possible environments and not just DSL? Is anyone
already working on the combined draft promised above? Are
there any other choices that we should recommend instead?

I would like to hold the discussion on this in this list until
we've determined that the DHCP protocol is the right tool
for the job. If it is, we can recharter DHC WG again to add
the actual development work there. (DHC is right now
being rechartered but that recharting is mostly a cleanup
and not the addition of functionality to do this.)

Jari


_______________________________________________
dhcwg mailing list
dhcwg at ietf.org
https://www1.ietf.org/mailman/listinfo/dhcwg

**************** CAUTION - Disclaimer *****************
This e-mail contains PRIVILEGED AND CONFIDENTIAL INFORMATION intended solely for the use of the addressee(s). If you are not the intended recipient, please notify the sender by e-mail and delete the original message. Further, you are not to copy, disclose, or distribute this e-mail or its contents to any other person and any such actions are unlawful. This e-mail may contain viruses. Infosys has taken every reasonable precaution to minimize this risk, but is not liable for any damage you may sustain as a result of any virus in this e-mail. You should carry out your own virus checks before opening the e-mail or attachment. Infosys reserves the right to monitor and review the content of all messages sent to or from this e-mail address. Messages sent to or from this e-mail address may be stored on the Infosys e-mail system.
***INFOSYS******** End of Disclaimer ********INFOSYS***

_______________________________________________
dhcwg mailing list
dhcwg at ietf.org
https://www1.ietf.org/mailman/listinfo/dhcwg