[e2e] on local ethernet throughput?

Andrew Smith ah_smith at acm.org
Wed Oct 24 16:03:11 PDT 2001


Vern,

You're missing my point: for every new link technology, you do need two
forms of interaction between the control plane and the data plane in the
device that is situated at the point where you want to control access, in
order to a) extract the authentication information from the data stream and
b) to enforce the authentication decision (or, to be precise, the
authorisation decision). That is all that 802.1X specifies, for 802-like
link technologies. You are correct that there is no need to re-invent the
authentication protocols themselves for each link technology (802.1X does
not touch that).

The issue of whether PPP needed new authentication protocols is an entirely
separate question that is link-technology-independent - many in IETF
believed that there was a need for something to decouple the operational
issues around continuously upgrading PPP authentication in the dial-up
servers (RASs): they came up with EAP (which is really just a framework)
which makes things easier in that regard (not perfect of course, but
better).

Andrew

-----Original Message-----
From: end2end-interest-admin at postel.org
[mailto:end2end-interest-admin at postel.org]On Behalf Of Vernon Schryver
Sent: Wednesday, October 24, 2001 3:25 PM
To: end2end-interest at postel.org
Subject: RE: [e2e] on local ethernet throughput?

...
> At 01:23 PM 10/24/2001 -0700, Andrew Smith wrote:
> >There are plenty of other possibilities that involve "user"
authentication
> >in the control plane that don't need to touch the data plane packet
> >encapsulation. One example is what we did for IEEE 802.1X - an on/off
switch
> ...

What does IEEE 802.anything have to do with the problem?
Why re-invent the wheel?




More information about the end2end-interest mailing list