Re: [Dime] Review of draft-ietf-dime-local-keytran-03

"Glen Zorn" <gwz@net-zen.net> Thu, 13 May 2010 05:34 UTC

From: Glen Zorn <gwz@net-zen.net>
To: "'Joseph Salowey (jsalowey)'" <jsalowey@cisco.com>
References: <AC1CFD94F59A264488DC2BEC3E890DE50A43AE83@xmb-sjc-225.amer.cisco.com> <00b701caedc5$92e4d150$b8ae73f0$@net> <AC1CFD94F59A264488DC2BEC3E890DE50A554125@xmb-sjc-225.amer.cisco.com>
In-Reply-To: <AC1CFD94F59A264488DC2BEC3E890DE50A554125@xmb-sjc-225.amer.cisco.com>
Date: Thu, 13 May 2010 12:29:19 +0700
Organization: Network Zen
Message-ID: <000401caf25d$420b7d50$c62277f0$@net>
Cc: dime@ietf.org
Subject: Re: [Dime] Review of draft-ietf-dime-local-keytran-03

Joseph Salowey (jsalowey) [mailto:jsalowey@cisco.com] writes:

> > 1.       Key types -  The document lists USRK and DSUSRK as key types.
> > These are a class of keys and do not necessarily refer to a specific
> > application.  How would one represent different USRKs for different
> > usages?  Are rMSK and rRK examples of USRKs?
> >
> > Any recommendations?
> 
> [Joe] Right now key type is representing both a class of key
> (USRK,DSUSRK,etc) and a specific application and usage of key material
> (rMSK and rRK).    For example an rRK may either be a USRK or a DSUSRK.
> There are several ways you could do this differently.
> 
> a) Flatten out the space - get rid of USRK, DSUSRK - include rRK, rMSK,
> MSK, DSRK, IKEv2 PSK.  Add a domain AVP that would be included if the
> key is a DSRK or an instance of a DSUSRK.  This would contain the domain
> that was used in the key derivation (perhaps this is always known, but
> maybe a server can serve more than one domain).

Tom Taylor mentioned this as well but I am still puzzled by it: in what
scenario could this occur?  AFAIK all the keys are bound to a particular
session which is itself bound to a particular access point.  What am I
missing?

...

> > 4.       Key-SPI - is there a particular example for a usage of this?
> > How does it differ from key ID?
> >
> > Check https://datatracker.ietf.org/doc/draft-ietf-dime-ikev2-psk-diameter/.
> > In fact, this AVP was added in response to a request from the authors of
> > that draft, so that they remove the key-related stuff from that document
> > (which is, unfortunately, yet to be updated).
> >
> >
> [Joe] The draft should probably include reference to this work.

OK.  BTW, I apparently misspoke: draft-ietf-dime-ikev2-psk-diameter actually
was updated to remove the key-related stuff & reference our draft some time
ago.  Sorry for any confusion!

...
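As an added illustration (not code from the draft, from this thread, or from either author) of what Joe's option (a) would look like on the wire: a flat Key-Type enumeration, a separate Domain AVP that is present exactly when the key is a DSRK or an instance of a DSUSRK, and a receiver that refuses a Key AVP whose Domain presence does not match its Key-Type. The AVP header layout is the standard Diameter one (4-byte code, 1-byte flags, 3-byte length, data padded to a 4-byte boundary). The AVP codes (9001-9004) and the numeric Key-Type values are hypothetical placeholders chosen for this example only, not values assigned to the draft.

```python
"""Diameter Key AVP for option (a): flat Key-Type plus a Domain AVP.

Added example, not part of the draft. AVP codes and Key-Type values below
are hypothetical placeholders; only the AVP wire format is Diameter's.
"""
import struct
from enum import IntEnum

AVP_FLAG_VENDOR = 0x80
AVP_FLAG_MANDATORY = 0x40

# Hypothetical AVP codes (not the codes assigned to the draft).
AVP_KEY = 9001              # Grouped
AVP_KEY_TYPE = 9002         # Enumerated
AVP_KEYING_MATERIAL = 9003  # OctetString
AVP_KEY_DOMAIN = 9004       # UTF8String: the "domain AVP" of option (a)


class KeyType(IntEnum):
    """Flattened key-type space of option (a); numeric values hypothetical."""
    MSK = 0
    RRK = 1
    RMSK = 2
    DSRK = 3
    IKEV2_PSK = 4


# A DSRK is derived with a domain name, so Domain is mandatory for it.
# rRK and rMSK are USRKs that may have been derived from a DSRK, so Domain
# is optional for them and marks the DSUSRK case. MSK and the IKEv2 PSK are
# never domain-scoped, so Domain must be absent.
DOMAIN_REQUIRED = {KeyType.DSRK}
DOMAIN_ALLOWED = {KeyType.DSRK, KeyType.RRK, KeyType.RMSK}


def check_domain_policy(key_type, domain):
    if key_type in DOMAIN_REQUIRED and domain is None:
        raise ValueError(f"{key_type.name} requires a Key-Domain AVP")
    if key_type not in DOMAIN_ALLOWED and domain is not None:
        raise ValueError(f"{key_type.name} is never domain-scoped; Key-Domain must be absent")


def encode_avp(code, data, flags=AVP_FLAG_MANDATORY):
    """Diameter AVP: code(4) flags(1) length(3) data, padded to 4 bytes.
    The length field covers header plus data but not the padding."""
    length = 8 + len(data)
    header = struct.pack("!IB", code, flags) + length.to_bytes(3, "big")
    return header + data + b"\x00" * (-len(data) % 4)


def decode_avps(buf):
    """Parse a run of AVPs, rejecting truncated or overlong length fields."""
    avps, off = [], 0
    while off < len(buf):
        if len(buf) - off < 8:
            raise ValueError("truncated AVP header")
        code, flags = struct.unpack_from("!IB", buf, off)
        length = int.from_bytes(buf[off + 5:off + 8], "big")
        if length < 8 or off + length > len(buf):
            raise ValueError("bad AVP length")
        if flags & AVP_FLAG_VENDOR:
            raise ValueError("vendor-specific AVPs not handled in this example")
        avps.append((code, flags, bytes(buf[off + 8:off + length])))
        off += length + (-length % 4)
    return avps


def build_key_avp(key_type, keying_material, domain=None):
    """Sender side: policy is enforced before anything goes on the wire."""
    check_domain_policy(key_type, domain)
    inner = encode_avp(AVP_KEY_TYPE, struct.pack("!i", int(key_type)))
    inner += encode_avp(AVP_KEYING_MATERIAL, keying_material)
    if domain is not None:
        inner += encode_avp(AVP_KEY_DOMAIN, domain.encode("utf-8"))
    return encode_avp(AVP_KEY, inner)


def parse_key_avp(buf):
    """Receiver side: decode one Key AVP and re-check the domain policy."""
    outer = decode_avps(buf)
    if len(outer) != 1 or outer[0][0] != AVP_KEY:
        raise ValueError("expected exactly one Key AVP")
    fields = {"key_type": None, "keying_material": None, "domain": None}
    seen = set()
    for code, _flags, data in decode_avps(outer[0][2]):
        if code in seen:
            raise ValueError(f"duplicate AVP {code} inside Key")
        seen.add(code)
        if code == AVP_KEY_TYPE:
            if len(data) != 4:
                raise ValueError("Key-Type must be a 4-byte Enumerated")
            fields["key_type"] = KeyType(struct.unpack("!i", data)[0])
        elif code == AVP_KEYING_MATERIAL:
            fields["keying_material"] = data
        elif code == AVP_KEY_DOMAIN:
            fields["domain"] = data.decode("utf-8")
        else:
            raise ValueError(f"unexpected AVP {code} inside Key")
    if fields["key_type"] is None or fields["keying_material"] is None:
        raise ValueError("Key-Type and Keying-Material are mandatory")
    check_domain_policy(fields["key_type"], fields["domain"])
    return fields
```

The receiver repeats the policy check rather than trusting the sender, so a Key AVP whose Key-Type is rewritten in transit from rRK to DSRK (or whose Domain AVP is stripped) is rejected instead of being bound to the wrong domain; the duplicate-AVP check closes the usual "first Domain wins on one implementation, last wins on another" ambiguity.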