Re: [dhcwg] draft-ietf-dhc-packetcable-03.txt

Paul Duffy <paduffy@cisco.com> Wed, 23 October 2002 02:45 UTC

Date: Tue, 22 Oct 2002 22:43:58 -0400
To: Thomas Narten <narten@us.ibm.com>
From: Paul Duffy <paduffy@cisco.com>
Subject: Re: [dhcwg] draft-ietf-dhc-packetcable-03.txt
Cc: dhcwg@ietf.org

Thomas,

Inline please...

> > >Should this document add a normative reference to
> > >draft-ietf-dhc-concat-05.txt (which has been approved by the IESG, so
> > >referencing it shouldn't be a problem)? Seems like that would make
> > >sense.
>
> > If you feel inclusion of this draft is a hard requirement, PacketCable will
> > have to open this issue with the manufacturers...further delaying the
> > progress of this draft (not good for us).  I'm also going to need an RFC #
> > for the ref?
>
>Note: dhc-concat has been approved by the IESG, so this document
>doesn't need to wait for it.
>
>The question is, should this document require the other as well? Seems
>to me like that might be useful. Hence, I asked.

I assume you mean "should the CCC option require concat".  We're discussing 
this at PacketCable.


> > >The CCC options for configuring Kerberos parameters seem odd to me
> > >(what kerberos document talks about the need for tuning these
> > >parameters?). The IESG may want this reviewed by someone with kerberos
> > >clue. (I'm just saying this so that there are no surprises should this
> > >issue come up later.)
>
> > This is a specific need of a PacketCable MTA.  It does not present any
> > issues with the Kerberos RFCs.  The CCC option is, by definition, Cablelabs
> > specific, so PacketCable does not see this causing any issues with non
> > Cablelabs devices.
>
>If there are no issues with the kerberos RFCs, why do you need an
>option to tune how they behave?

Several comments from various PacketCable team members:

"Kerberos-5 protocol (RFC-1510) does not define any specific backoff and
retry algorithm. Consequently, all specifics of the backoff and retry
mechanism for AS- and AP-exchange are defined by the PacketCable security
spec, and involve the parameters supplied by the DHCP Server to
parameterize the Kerberos Authentication for Provisioning Service."

Further...

"None of the subsequent IETF drafts such as Kerberos clarifications define 
it either - I don't think that a specific retry mechanism was ever 
considered to be in scope of the Kerberos IETF working group."

Thus the need for the sub-options.


>In terms of how to proceed, you might consider posting proposed text
>for each of the items prior to reissuing the draft.

Cheers,


--

Paul Duffy
Cisco Systems, Inc.
paduffy@cisco.com

