Re: [dhcwg] draft-pruss-dhcp-auth-dsl-03
"Alan Kavanagh" <alan.kavanagh@ericsson.com> Mon, 28 July 2008 23:39 UTC
Return-Path: <dhcwg-bounces@ietf.org>
X-Original-To: dhcwg-archive@megatron.ietf.org
Delivered-To: ietfarch-dhcwg-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id EE7A328C108; Mon, 28 Jul 2008 16:39:56 -0700 (PDT)
X-Original-To: dhcwg@core3.amsl.com
Delivered-To: dhcwg@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 4C8493A6975 for <dhcwg@core3.amsl.com>; Mon, 28 Jul 2008 16:39:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Level:
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EgxY25q863QZ for <dhcwg@core3.amsl.com>; Mon, 28 Jul 2008 16:39:54 -0700 (PDT)
Received: from imr1.ericy.com (imr1.ericy.com [198.24.6.9]) by core3.amsl.com (Postfix) with ESMTP id 368CD3A6896 for <dhcwg@ietf.org>; Mon, 28 Jul 2008 16:39:54 -0700 (PDT)
Received: from eusrcmw751.eamcs.ericsson.se (eusrcmw751.exu.ericsson.se [138.85.77.51]) by imr1.ericy.com (8.13.1/8.13.1) with ESMTP id m6SNe1mb009212; Mon, 28 Jul 2008 18:40:01 -0500
Received: from ecamlmw720.eamcs.ericsson.se ([142.133.1.72]) by eusrcmw751.eamcs.ericsson.se with Microsoft SMTPSVC(6.0.3790.1830); Mon, 28 Jul 2008 18:40:01 -0500
X-MIMEOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Date: Mon, 28 Jul 2008 19:39:58 -0400
Message-ID: <35815C929B41D2479A224FE098A272270606DC50@ecamlmw720.eamcs.ericsson.se>
In-Reply-To: <1B47BE88-187A-4B10-B318-D26FEE5B825D@cisco.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [dhcwg] draft-pruss-dhcp-auth-dsl-03
thread-index: AcjwlA+4iSCkpONHTXK77BoQ2daysgAdoKhA
References: <7EF5D845-4CA3-4100-AC40-5D760F8FCB40@cisco.com><20080727091906.GN1338@steelhead.localdomain> <52CF1BCD-9BEF-4A01-869B-F20A2C72B4C6@cisco.com> <35815C929B41D2479A224FE098A272270603C841@ecamlmw720.eamcs.ericsson.se> <1B47BE88-187A-4B10-B318-D26FEE5B825D@cisco.com>
From: Alan Kavanagh <alan.kavanagh@ericsson.com>
To: Richard Pruss <ric@cisco.com>
X-OriginalArrivalTime: 28 Jul 2008 23:40:01.0341 (UTC) FILETIME=[40C166D0:01C8F10B]
Cc: dhcwg@ietf.org, Yoshihiro Ohba <yohba@tari.toshiba.com>
Subject: Re: [dhcwg] draft-pruss-dhcp-auth-dsl-03
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <dhcwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://www.ietf.org/mailman/private/dhcwg>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: dhcwg-bounces@ietf.org
Errors-To: dhcwg-bounces@ietf.org
Hmm, im not quite sure on this. To me, a subscriber being attached to a Physical DSL Line would need to have the possibility to authenticate just this subscriber for a given IP Service, this is not tied to NAT or ALG in any way. I agree Richard that for a bridged RGw this is not an issue since the individual subscriber must be authenticated in this case, but for this to work, DHCP_Auth is "Required to be supported by the clients"....and this to me is a burden on the clients, is this something we want to push Richard? This is what im asking. Now this is also similar in the "Routed RGw" case, i dont just want to have line authentication, i "need per subscriber authentication" and looking at the current draft we perhaps need to put some additional use cases to handle these noted above, would you agree? BR Alan K -----Original Message----- From: Richard Pruss [mailto:ric@cisco.com] Sent: July 28, 2008 5:27 AM To: Alan Kavanagh Cc: Yoshihiro Ohba; dhcwg@ietf.org Subject: Re: [dhcwg] draft-pruss-dhcp-auth-dsl-03 I certainly would be concerned with trying to drive deployed DSL Forum architectures to somehow authentication sessions behind the residential gateway, with a bridge it is all simple, but when you have a gateway with NAT then things become complicated. In DSL we have no equivalent of the tight coupled Media Access Control layer in the cable model in the RG. So whenever the home network becomes part of the authentication discussion and ideas start to take flight about coupling ALG's in NAT with authentication in the RG, I run a mile. - Ric On 28/07/2008, at 6:06 AM, Alan Kavanagh wrote: > I agree with what Yoshihiro has pointed out, in that there is no way > to indicate how a EAP Failure would be indicated to the client in > DHCP_Auth. > > Similarly, im a little bit worried here about how we would use > DHCP_Auth to authenticate individual IP Sessions behind the same > subscriber line? > > Alan K > > -----Original Message----- > From: dhcwg-bounces@ietf.org [mailto:dhcwg-bounces@ietf.org] On Behalf > Of Richard Pruss > Sent: July 27, 2008 7:47 AM > To: Yoshihiro Ohba > Cc: dhcwg@ietf.org > Subject: Re: [dhcwg] draft-pruss-dhcp-auth-dsl-03 > > Thanks for your comments, > > On 27/07/2008, at 10:19 AM, Yoshihiro Ohba wrote: > >> I have a couple of comments on new dhcp-auth I-D. >> >> - It still does not seem to address the issue of the difference in >> retransmission directions. Especially I am not sure how dhcp-auth >> works when EAP-Success/Failure gets lost. >> >> - Comment on fragmentation. The current draft says that there is >> over > >> 200-octet space available more than the EAP MTU of 1020 octets. >> However, I am not sure that if over 200-octet space is really >> sufficient for 1500-octet MTU considering that DHCP relay agent >> information option can be inserted by DHCP relay agent as well as >> there can be 'shim' layers below IP. > > Relay's typically add only port information so I think we can be quiet > safe with our 200 bytes also considering the real world EAP packet > sizes. > > - Ric > > >> >> >> - DHCP EAP request response message can be more confusing, >> considering > >> the new extension to EAP such as ERX (draft-ietf-hokey-erx) where two >> new messages are defined that are neither request nor response. >> Considering ERX, I would strongly discourage combining DHCP and EAP >> because ERX can make integration of DHCP and EAP even more difficult. >> It is best if we separate IP address configuration from network >> access > >> authentication. >> >> Regards, >> Yoshihiro Ohba >> >> On Fri, Jul 25, 2008 at 08:41:44AM +1000, Richard Pruss wrote: >>> Hi, >>> >>> To help the discussion next week I was prompted to put out a summary >>> of changes. >>> http://tools.ietf.org/html/draft-pruss-dhcp-auth-dsl-03 >>> >>> We have tried in this version to address concerns raised in IETF 70. >>> Jari and Ralph's preso may remind you of those: >>> http://www.ietf.org/proceedings/07dec/slides/intarea-2/sld1.htm >>> >>> We have added a first draft proposal for DHCPv6 messages for a >>> limited set of IPv6 deployments. >>> http://tools.ietf.org/html/draft-pruss-dhcp-auth-dsl-03#section-5.2 >>> >>> We now have added a DHCP relay model to the DHCP proxy/server model >>> that was the document model. >>> (DHCP proxy is a term used in the DSL architectures, where the BRAS >>> acts as a server to the client.) >>> >>> We have added a section on fragmentation. >>> http://tools.ietf.org/html/draft-pruss-dhcp-auth-dsl-03#section-8 >>> >>> The DHCP EAP request response messages are now separate messages to >>> possibly make the flow clearer and hopefully make the discussion >>> around DHCP vs EAP retransmission responsibility easier for people >>> to > >>> understand. >>> >>> There is a section on backwards compatibility and a number of cases >>> considered, no updates to that but it addresses one of the bullets >>> on > >>> the slides in IETF-70. >>> >>> - Ric >>> >>> _______________________________________________ >>> dhcwg mailing list >>> dhcwg@ietf.org >>> https://www.ietf.org/mailman/listinfo/dhcwg >>> > > _______________________________________________ > dhcwg mailing list > dhcwg@ietf.org > https://www.ietf.org/mailman/listinfo/dhcwg _______________________________________________ dhcwg mailing list dhcwg@ietf.org https://www.ietf.org/mailman/listinfo/dhcwg
- [dhcwg] draft-pruss-dhcp-auth-dsl-03 Richard Pruss
- Re: [dhcwg] draft-pruss-dhcp-auth-dsl-03 Richard Pruss
- Re: [dhcwg] draft-pruss-dhcp-auth-dsl-03 Alan Kavanagh
- Re: [dhcwg] draft-pruss-dhcp-auth-dsl-03 Richard Pruss
- Re: [dhcwg] draft-pruss-dhcp-auth-dsl-03 Templin, Fred L
- Re: [dhcwg] draft-pruss-dhcp-auth-dsl-03 Alan Kavanagh
- Re: [dhcwg] draft-pruss-dhcp-auth-dsl-03 Richard Pruss
- Re: [dhcwg] draft-pruss-dhcp-auth-dsl-03 Templin, Fred L