Re: [Dime] DiME ERP: new Application ID or not ? (non-roaming case)

Julien Bournelle <julien.bournelle@gmail.com> Tue, 10 March 2009 10:13 UTC

In-Reply-To: <021601c99f18$ee622250$0201a8c0@nsnintra.net>
References: <5e2406980903032305k48ad83b7r1015e61c6ed983ae@mail.gmail.com> <020e01c99ca1$3b704150$2fb4b70a@nsnintra.net> <5e2406980903040203i26ab161bs3f221dc4ac03ed7@mail.gmail.com> <021601c99f18$ee622250$0201a8c0@nsnintra.net>
Date: Tue, 10 Mar 2009 11:14:14 +0100
Message-ID: <5e2406980903100314ycaf2a26mebff07d6e8ad395a@mail.gmail.com>
From: Julien Bournelle <julien.bournelle@gmail.com>
To: Hannes Tschofenig <Hannes.Tschofenig@gmx.net>
Cc: dime@ietf.org
Subject: Re: [Dime] DiME ERP: new Application ID or not ? (non-roaming case)

Hi Hannes,

On Sat, Mar 7, 2009 at 12:36 PM, Hannes Tschofenig
<Hannes.Tschofenig@gmx.net> wrote:
> I also have to add ...
>
> If you define a new Diameter Application ID then you have to decide which
> application to use as a baseline. If you look at Section 5.1 of
> http://www.ietf.org/internet-drafts/draft-ietf-dime-mip6-split-16.txt then
> you see that the Mobile IPv6 specific AVPs are optional in the Command Code
> ABNF. Hence, building on EAP is probably not such a bad idea.

 Not sure I understand your comment. If we define a new App-Id we
won't build the application on Diameter EAP. It will be orthogonal.
What do you mean?
>
> There is also the question how much you want to say about Mobile IPv6
> bootstrapping in the ERP document.

 Yes, Diameter ERP could be used along with Diameter EAP or Diameter
Mobile IPv6.

 Regards,

 Julien



>
> Ciao
> Hannes
>
>>-----Original Message-----
>>From: Julien Bournelle [mailto:julien.bournelle@gmail.com]
>>Sent: 04 March, 2009 12:03
>>To: Hannes Tschofenig
>>Cc: dime@ietf.org
>>Subject: Re: [Dime] DiME ERP: new Application ID or not ?
>>(non-roaming case)
>>
>>Hi Hannes,
>>
>> see inline,
>>
>>On Wed, Mar 4, 2009 at 9:14 AM, Hannes Tschofenig
>><Hannes.Tschofenig@gmx.net> wrote:
>>> Hi Julien,
>>>
>>> When we discussed this at the phone conference call (and the
>>> discussion is also captured in the meeting minutes) then I thought
>>> that the conclusion was to define a new Diameter application
>>for this exchange:
>>>
>>>
>>>   Peer               Authenticator                      Server
>>>   ====               =============                      ======
>>>
>>>    [<-- EAP-Initiate/ -----
>>>        Re-auth-Start]
>>>    [<-- EAP-Request/ ------
>>>        Identity]
>>>
>>>
>>>    ---- EAP-Initiate/ ----> ----AAA(EAP-Initiate/ ---------->
>>>          Re-auth/                  Re-auth/
>>>         [Bootstrap]              [Bootstrap])
>>>
>>>    <--- EAP-Finish/ ------> <---AAA(rMSK,EAP-Finish/---------
>>>          Re-auth/                   Re-auth/
>>>        [Bootstrap]                [Bootstrap])
>>>
>>>   Note: [] brackets indicate optionality.
>>>
>>>                          Figure 2: ERP Exchange
>>>
>>> (The server in the figure above is the HOKEY server, a dedicated
>>> entity.)
>>>
>>>
>>> The initial EAP authentication is left untouched and, as Glen
>>> explained us, there is the assumption that the AAA entities work
>>> together with the HOKEY servers in a non-standardized way.
>>To me that sounded like a good plan.
>>>
>>> Does this make any sense?
>>
>> Taking into account that we have one app-id for Diameter EAP
>>(I would say NASREQ-EAP) AND soon another app-id for Diameter
>>MIP6 (which also uses EAP for authentication), it certainly
>>makes sense not to reuse the same App-ID for ERP if we want to
>>use ERP for the MIP6 case.
>>
>> Let's see if others have an opinion.
>>
>> Regards,
>>
>> Julien
>>
>>>
>>>
>>> The non-HOKEY expert
>>> Hannes
>>>
>>> PS: I never said that this specific document is going to
>>be trivial
>>> :-)
>>>
>>>>-----Original Message-----
>>>>From: dime-bounces@ietf.org [mailto:dime-bounces@ietf.org] On Behalf
>>>>Of Julien Bournelle
>>>>Sent: 04 March, 2009 09:05
>>>>To: dime@ietf.org
>>>>Subject: [Dime] DiME ERP: new Application ID or not ?
>>>>(non-roaming case)
>>>>
>>>>Hi all,
>>>>
>>>> We are trying to resolve the issue of whether a new
>>App-Id is needed or not.
>>>>
>>>> The ERP protocol (RFC 5296) is to be used along with EAP. It
>>>>basically defines two new EAP codes and uses keying material derived
>>>>from a first EAP authentication.
>>>>
>>>> To start the discussion, let's take the non-roaming case.
>>>>
>>>> In non-roaming, we have first an EAP authentication using Diameter
>>>>EAP.
>>>> Then, for reauthentication using ERP, we have two messages
>>>>(Request/Response) between the NAS and the AAA/ERP server carrying EAP
>>>>packets.
>>>>
>>>> See (http://tools.ietf.org/html/rfc5296#page-6)
>>>>
>>>> So, either we reuse the Diameter EAP Application (DER/DEA) or we
>>>>define a new Diameter Application.
>>>>
>>>> If we use a new Diameter Application, a new Diameter
>>session will be
>>>>created and eventually a new Diameter server will be reached. What
>>>>bothers me in this case is that we basically perform a
>>>>reauthentication for the same session which is primarily
>>handled at the
>>>>AAA/EAP server. So, I'm wondering what happens concerning
>>>>Authorization Lifetime, session, etc.
>>>>
>>>> Note that I still don't have a strong opinion and I'll be
>>glad to hear
>>>>opinions from others.
>>>>
>>>> Regards,
>>>>
>>>> Julien