Re: [dhcwg] Comments on draft-ietf-dhc-pktc-kerb-tckt-00.txt
Sam Hartman <hartmans@mit.edu> Sun, 09 March 2003 14:16 UTC
To: Paul Duffy <paduffy@cisco.com>
Cc: dhcwg@ietf.org, Ken Raeburn <raeburn@mit.edu>
Subject: Re: [dhcwg] Comments on draft-ietf-dhc-pktc-kerb-tckt-00.txt
References: <4.3.2.7.2.20030226170700.023e6bd8@funnel.cisco.com>
From: Sam Hartman <hartmans@mit.edu>
Date: Sat, 08 Mar 2003 15:45:19 -0500
In-Reply-To: <4.3.2.7.2.20030226170700.023e6bd8@funnel.cisco.com> (Paul Duffy's message of "Wed, 26 Feb 2003 17:17:13 -0500")
Message-ID: <tsl8yvp8u5c.fsf@konishi-polis.mit.edu>

>>>>> "Paul" == Paul Duffy <paduffy@cisco.com> writes:

    Paul> I sense that your main objection to this draft is that it
    Paul> implies that PacketCable Security is not 100% RFC 1510
    Paul> compliant. Will one or two lines clarifying this, along
    Paul> with a ref to the PacketCable Security spec, suffice?

That's my only objection to the existence of the draft, yes. As you
point out, the IESG has already decided they disagree with me, so this
objection should be ignored.

    Paul> Something along the line of...

    Paul> "Note that the PacketCable Security Specification differs
    Paul> from RFC 1510, see [ref] for full technical details of
    Paul> PacketCable's Kerberos implementation".

Looks good.

    Paul> Agreed. Service authorization is a bogus/incorrect
    Paul> argument. The text...

    Paul> "The service provider requires this capability to support
    Paul> operational functions such as disabling a subscriber's
    Paul> service, forcing re-establishment of security associations,
    Paul> or for testing and remote diagnostic of CCDs. "

    Paul> ...needs to be changed to something like...

    Paul> "The service provider requires this capability to support
    Paul> operational functions such as forcing re-establishment of
    Paul> security associations or for testing and remote diagnostic
    Paul> of CCDs. "

Sounds reasonable.

    Paul> I share Ken's concerns re: forcing all tickets to expire.
    Paul> Public key ops are expensive and we try to avoid them when
    Paul> possible (for scaling reasons, avalanche restart conditions,
    Paul> etc.).

But you should only need a PKI op for the TGT, not for each service
ticket.