Re: [Dime] DiME ERP: new Application ID or not ? (non-roaming case)
"Hannes Tschofenig" <Hannes.Tschofenig@gmx.net> Tue, 10 March 2009 15:05 UTC
From: Hannes Tschofenig <Hannes.Tschofenig@gmx.net>
To: 'Julien Bournelle' <julien.bournelle@gmail.com>
Date: Tue, 10 Mar 2009 17:07:37 +0200
Cc: dime@ietf.org

Hi Julien

>Hi hannes,
>
>On Sat, Mar 7, 2009 at 12:36 PM, Hannes Tschofenig
><Hannes.Tschofenig@gmx.net> wrote:
>> I also have to add ...
>>
>> If you define a new Diameter Application ID then you have to decide
>> which application to use as a baseline. If you look at Section 5.1 of
>> http://www.ietf.org/internet-drafts/draft-ietf-dime-mip6-split-16.txt
>> then you see that the Mobile IPv6 specific AVPs are optional in the
>> Command Code ABNF. Hence, building on EAP is probably not such a bad idea.
>
> Not sure to understand your comment. If we define a new App-Id we
> won't build the application on Diameter EAP. It will be orthogonal.
> What do you mean ?

When you register a new Diameter Application ID then you need to decide
* what Command Codes are needed
* what AVPs are carried inside these Command Codes.

Many past Diameter application designs have answered that question in a way
that they said: I re-use an existing application and extend it.

This is essentially what I am suggesting here. You could build your new
application on top of Diameter Mobile IPv6 IKE (which is Diameter EAP +
Mobility AVPs) + your own ERP AVPs.

>>
>> There is also the question how much you want to say about Mobile IPv6
>> bootstrapping in the ERP document.
>
> Yes, Diameter ERP could be used along with Diameter EAP or
> Diameter Mobile IPv6.

Ciao
Hannes

>
> Regards,
>
> Julien
>
>>
>> Ciao
>> Hannes
>>
>>>-----Original Message-----
>>>From: Julien Bournelle [mailto:julien.bournelle@gmail.com]
>>>Sent: 04 March, 2009 12:03
>>>To: Hannes Tschofenig
>>>Cc: dime@ietf.org
>>>Subject: Re: [Dime] DiME ERP: new Application ID or not ?
>>>(non-roaming case)
>>>
>>>hi hannes,
>>>
>>> see inline,
>>>
>>>On Wed, Mar 4, 2009 at 9:14 AM, Hannes Tschofenig
>>><Hannes.Tschofenig@gmx.net> wrote:
>>>> Hi Julien,
>>>>
>>>> When we discussed this at the phone conference call (and the
>>>> discussion is also captured in the meeting minutes) then I thought
>>>> that the conclusion was to define a new Diameter application for
>>>> this exchange:
>>>>
>>>>
>>>> Peer               Authenticator                    Server
>>>> ====               =============                    ======
>>>>
>>>>  [<-- EAP-Initiate/ -----
>>>>      Re-auth-Start]
>>>>  [<-- EAP-Request/ ------
>>>>      Identity]
>>>>
>>>>
>>>>  ---- EAP-Initiate/ ----> ----AAA(EAP-Initiate/ ---------->
>>>>        Re-auth/                  Re-auth/
>>>>       [Bootstrap]               [Bootstrap])
>>>>
>>>>  <--- EAP-Finish/ ------> <---AAA(rMSK,EAP-Finish/---------
>>>>        Re-auth/                  Re-auth/
>>>>       [Bootstrap]               [Bootstrap])
>>>>
>>>> Note: [] brackets indicate optionality.
>>>>
>>>>                  Figure 2: ERP Exchange
>>>>
>>>> (The server in the figure above is the HOKEY server, a dedicated
>>>> entity.)
>>>>
>>>>
>>>> The initial EAP authentication is left untouched and, as Glen
>>>> explained to us, there is the assumption that the AAA entities work
>>>> together with the HOKEY servers in a non-standardized way.
>>>> To me that sounded like a good plan.
>>>>
>>>> Does this make any sense?
>>>
>>> Taking into account that we have one app-id for Diameter EAP (I
>>>would say NASREQ-EAP) AND soon another app-id for Diameter
>>>MIP6 (which also uses EAP for authentication). It certainly makes sense
>>>to not reuse the same App-ID for ERP if we want to use ERP for the
>>>mip6 case.
>>>
>>> Let's see if others have opinion.
>>>
>>> Regards,
>>>
>>> Julien
>>>
>>>>
>>>>
>>>> The non-HOKEY expert
>>>> Hannes
>>>>
>>>> PS: I never said that this specific document is going to be trivial
>>>> :-)
>>>>
>>>>>-----Original Message-----
>>>>>From: dime-bounces@ietf.org [mailto:dime-bounces@ietf.org] On Behalf
>>>>>Of Julien Bournelle
>>>>>Sent: 04 March, 2009 09:05
>>>>>To: dime@ietf.org
>>>>>Subject: [Dime] DiME ERP: new Application ID or not ?
>>>>>(non-roaming case)
>>>>>
>>>>>Hi all,
>>>>>
>>>>> we try to solve the issue concerning the need for a new App-Id or not.
>>>>>
>>>>> The ERP protocol (RFC 5296) is to be used along with EAP. It
>>>>>basically defines two new EAP codes and uses keying material derived
>>>>>from a first EAP authentication.
>>>>>
>>>>> To start the discussion, let's take the non-roaming case.
>>>>>
>>>>> In non-roaming, we have first an EAP authentication using Diameter
>>>>>EAP.
>>>>> Then, for reauthentication using ERP, we have two messages
>>>>>(Request/Response) between NAS and the AAA/ERP server carrying EAP
>>>>>packets
>>>>>
>>>>> See (http://tools.ietf.org/html/rfc5296#page-6)
>>>>>
>>>>> So, either we reuse the Diameter EAP Application (DER/DEA) or we
>>>>>define a new Diameter Application.
>>>>>
>>>>> If we use a new Diameter Application, a new Diameter session will be
>>>>>created and eventually a new Diameter server will be reached. What
>>>>>bothers me in this case is that we basically perform a
>>>>>reauthentication for the same session which is primarily handled at the
>>>>>AAA/EAP server. So, I'm wondering what happens concerning
>>>>>Authorization Lifetime session etc..
>>>>>
>>>>> Note that I still don't have strong opinion and I'll be glad to hear
>>>>>opinions from others.
>>>>>
>>>>> Regards,
>>>>>
>>>>> Julien
>>>>>_______________________________________________
>>>>>DiME mailing list
>>>>>DiME@ietf.org
>>>>>https://www.ietf.org/mailman/listinfo/dime