> > I'm not aware, either.
> >
> > In other uses of AAA (such as with WiFi, WiMAX, 3GPP2, etc.) I know that
> > the subscriber ID is hidden from the NAS. There are even specific methods
> > deployed for that purpose. So, disclosing that ID would not be acceptable
> > there. I'm just not sure if the same privacy concerns apply to the VPN
> > deployments.
>
> It's not "hidden", it's just unavailable because there is no way to
> get it (see above) and, in the case of WiFi (and I suspect WiMAX) it's
> just a binary decision anyway.
>
> The notion that there could be some privacy concerns does not sound
> serious. You're going to give the NAS the power to impersonate the
> client, inspect all the client's packets, forge packets to and from the
> client, tamper with all the client's packets in an undetectable manner,
> yet for "privacy concerns" the NAS can't be told the real identity of the
> client? That's sort of like someone eating 4 chocolate cakes but washing
> it all down with a diet soda because of "weight concerns".

:-)

Mobile/wireless networks support roaming, and one operator's subscriber may visit a NAS that belongs to another operator (or even a WiFi AP in a coffee shop). Subscribers are concerned about location privacy, and they don't want to leave a trace at every location they visit (which can get into the wrong hands). Secondly, the operators don't want their roaming partners to know the ID of their subscribers (especially if it is also an email address), because that can be used for switching (luring) customers.

Alper

> > regards,
> >
> > Dan.

_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec