Re: [dhcwg] draft-pruss-dhcp-auth-dsl-03

Richard Pruss <ric@cisco.com> Mon, 28 July 2008 09:26 UTC

From: Richard Pruss <ric@cisco.com>
To: Alan Kavanagh <alan.kavanagh@ericsson.com>
Date: Mon, 28 Jul 2008 10:26:36 +0100
Cc: dhcwg@ietf.org, Yoshihiro Ohba <yohba@tari.toshiba.com>
Subject: Re: [dhcwg] draft-pruss-dhcp-auth-dsl-03

I certainly would be concerned with trying to drive deployed DSL
Forum architectures to somehow authenticate sessions behind the
residential gateway. With a bridge it is all simple, but when you have
a gateway with NAT then things become complicated.

In DSL we have no equivalent of the tightly coupled Media Access Control
layer in the cable model in the RG. So whenever the home network
becomes part of the authentication discussion and ideas start to take
flight about coupling ALGs in NAT with authentication in the RG, I
run a mile.

- Ric


On 28/07/2008, at 6:06 AM, Alan Kavanagh wrote:

> I agree with what Yoshihiro has pointed out, in that there is no way to
> indicate how an EAP Failure would be indicated to the client in
> DHCP_Auth.
>
> Similarly, I'm a little bit worried here about how we would use DHCP_Auth
> to authenticate individual IP Sessions behind the same subscriber line?
>
> Alan K
>
> -----Original Message-----
> From: dhcwg-bounces@ietf.org [mailto:dhcwg-bounces@ietf.org] On Behalf
> Of Richard Pruss
> Sent: July 27, 2008 7:47 AM
> To: Yoshihiro Ohba
> Cc: dhcwg@ietf.org
> Subject: Re: [dhcwg] draft-pruss-dhcp-auth-dsl-03
>
> Thanks for your comments,
>
> On 27/07/2008, at 10:19 AM, Yoshihiro Ohba wrote:
>
>> I have a couple of comments on new dhcp-auth I-D.
>>
>> - It still does not seem to address the issue of the difference in
>> retransmission directions.  Especially I am not sure how dhcp-auth
>> works when EAP-Success/Failure gets lost.
>>
>> - Comment on fragmentation.  The current draft says that there is over
>> 200-octet space available more than the EAP MTU of 1020 octets.
>> However, I am not sure if over 200-octet space is really
>> sufficient for 1500-octet MTU considering that DHCP relay agent
>> information option can be inserted by DHCP relay agent as well as
>> there can be 'shim' layers below IP.
>
> Relays typically add only port information so I think we can be quite
> safe with our 200 bytes also considering the real world EAP packet
> sizes.
>
> - Ric
>
>
>>
>>
>> - DHCP EAP request response message can be more confusing, considering
>> the new extension to EAP such as ERX (draft-ietf-hokey-erx) where two
>> new messages are defined that are neither request nor response.
>> Considering ERX, I would strongly discourage combining DHCP and EAP
>> because ERX can make integration of DHCP and EAP even more difficult.
>> It is best if we separate IP address configuration from network access
>> authentication.
>>
>> Regards,
>> Yoshihiro Ohba
>>
>> On Fri, Jul 25, 2008 at 08:41:44AM +1000, Richard Pruss wrote:
>>> Hi,
>>>
>>> To help the discussion next week I was prompted to put out a summary
>>> of changes.
>>> http://tools.ietf.org/html/draft-pruss-dhcp-auth-dsl-03
>>>
>>> We have tried in this version to address concerns raised in IETF 70.
>>> Jari and Ralph's preso may remind you of those:
>>> http://www.ietf.org/proceedings/07dec/slides/intarea-2/sld1.htm
>>>
>>> We have added a first draft proposal for DHCPv6 messages for a
>>> limited set of IPv6 deployments.
>>> http://tools.ietf.org/html/draft-pruss-dhcp-auth-dsl-03#section-5.2
>>>
>>> We now have added a DHCP relay model to the DHCP proxy/server model
>>> that was the document model.
>>> (DHCP proxy is a term used in the DSL architectures, where the BRAS
>>> acts as a server to the client.)
>>>
>>> We have added a section on fragmentation.
>>> http://tools.ietf.org/html/draft-pruss-dhcp-auth-dsl-03#section-8
>>>
>>> The DHCP EAP request response messages are now separate messages to
>>> possibly make the flow clearer and hopefully make the discussion
>>> around DHCP vs EAP retransmission responsibility easier for people to
>>> understand.
>>>
>>> There is a section on backwards compatibility and a number of cases
>>> considered, no updates to that but it addresses one of the bullets on
>>> the slides in IETF-70.
>>>
>>> - Ric
>>>
>>> _______________________________________________
>>> dhcwg mailing list
>>> dhcwg@ietf.org
>>> https://www.ietf.org/mailman/listinfo/dhcwg
>>>