[e2e] on local ethernet throughput?
Vernon Schryver
vjs at calcite.rhyolite.com
Wed Oct 24 16:08:34 PDT 2001
> From: "Andrew Smith" <ah_smith at acm.org>
> You're missing my point: for every new link technology, you do need two
> forms of interaction between the control plane and the data plane in the
> device that is situated at the point where you want to control access, in
> order to a) extract the authentication information from the data stream and
> b) to enforce the authentication decision (or, to be precise, the
> authorisation decision). That is all that 802.1X specifies, for 802-like
> link technologies. You are correct that there is no need to re-invent the
> authentication protocols themselves for each link technology (802.1X does
> not touch that).
I don't think I missed that point.
If you mean that if DSL were going to use some kind of 802 framing
like 802.3, then 802.1X would have been right, then I'd agree.
What you may have missed is that there was no need to get any 802
anything involved. Fancy jargon about planes does not make a
fundamentally simply and long ago solved problem complicated.
80.21X may be wonderful for 802.11 and other links that have nothing
to do with PPP (or necessarily to do with IP).
As long as they are using PPP with PPP's authentication mechanisms,
jamming Ethernet between PPP and the DSL framing was just plain silly.
> The issue of whether PPP needed new authentication protocols is an entirely
> separate question that is link-technology-independent - many in IETF
> believed that there was a need for something to decouple the operational
> issues around continuously upgrading PPP authentication in the dial-up
> servers (RASs): they came up with EAP (which is really just a framework)
> which makes things easier in that regard (not perfect of course, but
> better).
Don't tell people in the PPPEXT WG, but I'm not the only WG participant
that considers EAP a typical case of what's wrong with the IETF.
EAP would nothing to stop upgrading PPP authentication code in dial-up
servers, if there were any real need to upgrade PPP authentication
code in dial-up servers except to fix bugs, of which there would be
more for EAP if EAP were widely implemented. All that EAP does
or can do on that front is cause more upgrading of RAS firmware.
EAP does nothing to solve the real problem in PPP authentication,
which is the fact that it happens after LCP instead of during. EAP
might have been the better way to do AUTH, but given AUTH, EAP just
gilds the sows ear with not really useful extensibility that does not
make a silk purse.
Vernon Schryver vjs at rhyolite.com
More information about the end2end-interest
mailing list