A couple of questions on the requirements:

> IPAuth-7 Must support revoking authentication

How is this performed in a DHCP solution?

> IPAuth-10 Must be independent of medium type (eg Fixed Ethernet,
> Legacy ATM, PON, WiFi, WiMax, etc)

Some of these have their own native network access mechanisms, e.g., 802.1x/11i, 802.16e EAP authentication, etc. I'm not sure it's reasonable to suggest that based on DSL Forum requirements, these other access networks would suddenly start doing something else. So what does this requirement really mean?

Also, some of the suggested solutions appear to be very architecture dependent. For instance, a DHCP-only based authentication scheme would be inadequate in a network that employs stateless address autoconfiguration.

> IPAuth-16 At an absolute minimum, must provide equivalent or better
> security than PPP CHAP/MD5 does today. Must include the ability to
> move to more secure authentication methods over time.

Is binding of the authentication exchange to the actual address allocation exchange a requirement? E.g., RFC 3118 authentication in DHCP after an EAP run vs. simply doing EAP and then DHCP in the usual unprotected manner?

Will cryptographic protection of the data packets ever be needed in any environment?

Jari
