
Re: Windows 2000 and Cisco router interoperability





Stephen Kent wrote:

[ snip ]
> 
> The "features that AAA provides?"  AAA is a WG but there are no AAA
> standards yet. In fact, the WG drafts so far focus only on
> requirements for the protocols that will be standardized, in the
> future. So a reference to what "AAA provides"  or to "customers who
> are so fond of their AAA infrastructure" appears to be in the future,
> optimistic tense.
> 
> AAA, when it exists, will encompass authentication as well as access
> control. We are focusing on the access control aspect of IPsec.

So, we have all been dialing into our ISPs without any Authentication,
Authorization or Accounting? Wow, the IETF had better hurry up before
people catch on!

Seriously, Stephen, Chinna was referring to current AAA practices. Yes,
they exist, and those who own and operate the networks are quite
concerned about them. 

- Mark


> Global pre-shared keys are an easy way to deploy IKE, but that does
> not make them a good idea.  It is understandable that customers want
> to employ IPsec but also want to minimize the costs of deploying it.
> The desire to make use of an existing user authentication
> infrastructure is also understandable in this context, but is
> separable from the access control mechanisms we are discussing.

[ snip ]

