Sadly, the internet is no longer a "free for all" and we need to authenticate devices as well as people.... ... and TCP/IP predates and does not conform the ISO seven-layer model (remember its a "model" not a set of rigid rules) no matter how much you try and bash it to fit so you can sell to EU governments who want ISO conformance... .. for example we normally do WiFi authentication some where down in the lower layers, and many switches also authentic at the MAC level to prevent rouge devices...
Dave G4UGM
-----Original Message----- From: 44Net 44net-bounces+dave.g4ugm=gmail.com@mailman.ampr.org On Behalf Of Toussaint OTTAVI via 44Net Sent: 17 February 2021 10:04 To: 44net@mailman.ampr.org Cc: Toussaint OTTAVI t.ottavi@bc-109.com Subject: Re: [44net] ASN # and Network Service Provider (NSP)
Le 16/02/2021 à 14:02, Cliff Sojourner via 44Net a écrit :
User authentication and user authorization belong in application layer,
there is no place for those in any network layer.
I don't know on which layer you could put it, but filtering access by source IP is a commonly used technique in business networks for restricting access.
Of course, it's different from user authentication. But it can be useful as a simple pre-authentication for a group of users : all users coming from a 44net IP are licensed operators. Then, a simple firewall rule can grant them access to the private parts of the network.
73 de TK1BI
44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net