
Re: VPN Auth (was VPN authentication/verification and WG re-chartering)




Schliesser, Benson wrote:
> Sorry for replying to my own message, but I would like to encourage
> discussion around VPN Auth requirements.
> 
> 
>>I would like to see discussion of the requirements first, so that 
>>candidate solutions have a point of reference.
> 
> 
> For instance, I would argue that there are several roles/modes of
> authentication that must be considered: SP-managed, user-managed, and
> co-managed. Each of these modes has slightly different requirements, of
> course, and different alerting and/or response mechanisms.

Could you say a few words about what each of these terms means?

> 
> Across all of these modes the primary goal is to be assured that all
> sites attached to the VPN are intended and allowed to be members.
> Secondary goals *might* include verification that the CE was configured
> by the correct authority (i.e. is not a hacked or replaced device), that
> routes originating from the CE (or PE) are legitimate, etc. Maybe a
> solution for one of the secondary goals might actually solve the primary
> goal, too.

Could you say a few words about the secondary goals?

                                 Ron

> 
> Any thoughts on these goals, and/or how they translate into technical
> requirements?
> 
> Cheers,
> -Benson
>