[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Charter



>I don't think that one needs to swallow the AAA pill in order to get
>"legacy user authentication" benefits.  

I couldn't agree more. 

>Corporations have already dealt with the scalability implications, I
>don't think we introduce any new ones 

It is worth remembering that any changes made to IKE will affect not
only tunnel mode, but also transport mode. This means that there is
the potential for a larger impact than just remote access. 
Mechanisms that can be used many times during a user's
session need to be more scalable than ones which are only
used once. For example, it would be silly for a user to
have to pull out their token card whenever they
wanted to talk to a new destination during a remote access
session.  

>  Indeed there are implications for the server/tunnel endpoint 
>  AS A SYSTEM.

Yes. 

> The only reason that RADIUS appeared in the draft IPSRA charter was as
> an example of a legacy system that is currently in use

Specifically, the charter refers to RADIUS as a type of authentication,
which it is not.