Re: [pcp] Server's auth policy discovery

[Alper Yegin <alper.yegin@yegin.org>]

Sam,

For a client to decide whether it will use auth or not, it needs to know the server policy.
A server that implements auth does not mean that the client must use auth.
Server may still be configured to allow unauth clients.

This is why I have three distinct cases.

And this I'm asking independent of the PANA port-sharing discussion.

As for dealing with discovery for PANA port-sharing, either:
- We agree that it's OK for all clients to start with "no auth", or
- We use a DHCP-based solution (I know you are not happy with this), or
- We use an ANNOUNCE-based auth policy discovery solution

At least one of these would handle the issue.

Alper




On Oct 12, 2012, at 3:09 PM, Sam Hartman wrote:

>>>>>> "Alper" == Alper Yegin <alper.yegin@yegin.org> writes:
> 
>    Alper> Sam,
>    Alper> On Oct 12, 2012, at 2:35 PM, Sam Hartman wrote:
> 
>>>>>>> "Yoshihiro" == Yoshihiro Ohba <yoshihiro.ohba@toshiba.co.jp> writes:
>>> 
>    Yoshihiro> Is discoverying binary policy (auth
>    Yoshihiro> unsupported/supported) is enough, or is discovering
>    Yoshihiro> three-policy (auth unsupported/mandated/optional) needed?
>>> 
>>> I think discovering auth supported is sufficient.
> 
>    Alper> So, you suggest eliminating case 2 below?
> 
>    Alper> 1. auth not used (not supported, or disabled) 2. use of auth
>    Alper> is optional (i.e., PCP Client's decision) 3. auth is
>    Alper> mandatory to use
> 
> No.  I simply think that if you know whether the server supports auth
> then you can avoid sending auth to a server known not to support it,
> which is a problem in the PANA port sharing case.
> 
> I guess what I should have said is that  if clients who want to use auth
> have a way to discover if auth is supported, then I don't think we have
> any concerns.
> 
> --Sam