A few thoughts on [Re: Invitation to Network Providers]

Robert E. Seastrom rs at intercon.com
Thu Mar 10 04:26:12 UTC 1994

>         The software program will also obtain, or alternatively ask 
> for, the name of the network provider and/or the brand of the 
> communications server used at the network provider's POP (typically 
> CISCO, Livingston, Emulex, or other hardware).  This will enable 
> CSI's program to construct the brief but critical connect-time 
> SLIP/PPP negotiation macro used for initializing the network 
> connection and in some cases, for obtaining the user's dynamic IP 
> address assigned at connect time by some network providers. 

Handwaving this is inviting trouble.  A macro language for writing chat 
scripts (such as Apple's ARA CCL, which sucks but works) needs to be 
specified, and the scripts should be delivered in human-readable/editable 
(eg. text file, not compiled) format so that they can be tweaked to fit any 
local weirdnesses for a particular provider or have hacks installed by a 
savvy user to get around local problems like a cranky PBX (ie, don't let the 
desire to be user-friendly eclipse the need to be easily reconfigurable by a 
knowledgable person).  Moreover, hooks for more parameters than just UserID, 
Password, IPAddress, PhoneNumber, and MaxSpeed need to be provided to support 
things like secondary passwords, callback, etc.

DefaultGatewayIP is superfluous in the case of the single leaf node connected 
to a terminal server running PPP.  Since nothing else here addresses the 
complexities of routing to a subnet, I conclude that this proposal only 
addresses the former case.  You may as well just dike that field out.

For POP3, NNTP, and SMTP, you need to specify return addresses and full-
names.  These will not necessarily be the same as the username in the 
terminal emulator or PPP session, for obvious reasons.

  I like the idea of a configuration language that hides the nuts and bolts 
of PPP from Joe and Jane Luddite with their 486-PC-running-Windows <grin> but 
I think it needs lots more thought before it is viable in the wide variety of 
circumstances it will find itself in out there in real world.

Oh yeah, I don't think it's such a hot idea to promulgate a new standard in 
which (a) passwords are stored online in cleartext, and (b) reusable 
passwords are passed back and forth over the net in cleartext.  Better by far 
to specify Kerberos or a session key handshake for user authentication, and 
maybe even encrypt the entire session...

Just my two cents worth...


More information about the NANOG mailing list