as spelled out by others already, we need to separate the aspects here.
So the 'unauthenticated' draft intends to cover
1) the VSP/ASP related part
2) the access/ISP part.
3) unauthenticated access (no credentials)
4) unauthorized cases like empty prepaid account, roaming not allowed
etc, where credentials are available but do not allow regular access.
Considerations for 3) and 4) are different between the VSP/ASP and
access/ISP cases. For the VSP/ASP part, we probably do not need to care
a lot about 4), but for access/ISP this is different. And unfortunately
regulatory requirements for 4) are pretty different from the
Now, regarding EAP:
Up to now, IETF does not provide any recommendation for 3) and 4). This
made different organizations come up with different incompatible ways to
solve the problem.
The idea behind adding the EAP considerations to our draft was to
discuss whether IETF is able to recommend a common way. Any such
recommendation needs to cover both 3) and 4) (not just unauthenticated).
> -----Original Message-----
> From: ecrit-bounces@xxxxxxxx [mailto:ecrit-bounces@xxxxxxxx]
> On Behalf Of ext Brian Rosen
> Sent: Tuesday, March 23, 2010 10:29 PM
> To: Thomson, Martin; Richard Barnes; Bernard Aboba
> Cc: emu@xxxxxxxx; ecrit@xxxxxxxx
> Subject: Re: [Ecrit] emergency access and EAP-TLS (and denial
> of serviceattacks on the emergency.com domain)
> I think the relevant part of this is 'it's not a high
> priority'. That is
> policy of the work group, which we do have control over.
> If we have nothing else more important to do, then by all
> means, let's waste
> a ton of time on unauthenticated access. If we have other work to do,
> perhaps we could defer this.
> I am not the chair, but in general, anyone can discuss
> anything, regardless
> of "priority" on the list. However, when it comes to
> adopting work group
> items, I think this should be way down our list.
> I might also suggest that unauthenticated access really isn't
> within the
> charter of the work group. It may be that the reason
> unauthenticated access
> may be needed is for emergency calling, but that means we may
> need to ask some other work group to do work for a
> requirement we generate.
> It would seem that dealing with EAP is not within the domain
> of this work
> On 3/23/10 5:14 PM, "Thomson, Martin"
> <Martin.Thomson@xxxxxxxxxx> wrote:
> >> A large percentage (in fact an overwhelming percentage) of
> PSAPs DON'T
> >> WANT
> >> unauthenticated access. Their position is that they have lots of
> >> relevant
> >> experience, and its all bad (tens of thousands of calls
> with no good
> >> ones in
> >> some cases).
> >> However, there are some PSAPs who want it, and there are some
> >> regulatory
> >> environments where there are some lawyers who think it's
> required to
> >> support
> >> it in some environments.
> > The good thing is: we don't set policy here. I'm not
> seeing sufficient
> > evidence that _everyone_ doesn't want this, only that some
> don't want this.
> > I can't comment on priority. That would be policy too.
> > --Martin
> Ecrit mailing list
Ecrit mailing list