Re: [Dime] DiME ERP: new Application ID or not ? (non-roaming case)
"Hannes Tschofenig" <Hannes.Tschofenig@gmx.net> Sat, 07 March 2009 11:34 UTC
I also have to add ...

If you define a new Diameter Application ID then you have to decide which
application to use as a baseline.

If you look at Section 5.1 of
http://www.ietf.org/internet-drafts/draft-ietf-dime-mip6-split-16.txt
then you see that the Mobile IPv6 specific AVPs are optional in the Command
Code ABNF. Hence, building on EAP is probably not such a bad idea.

There is also the question how much you want to say about Mobile IPv6
bootstrapping in the ERP document.

Ciao
Hannes

>-----Original Message-----
>From: Julien Bournelle [mailto:julien.bournelle@gmail.com]
>Sent: 04 March, 2009 12:03
>To: Hannes Tschofenig
>Cc: dime@ietf.org
>Subject: Re: [Dime] DiME ERP: new Application ID or not ? (non-roaming case)
>
>hi hannes,
>
> see inline,
>
>On Wed, Mar 4, 2009 at 9:14 AM, Hannes Tschofenig
><Hannes.Tschofenig@gmx.net> wrote:
>> Hi Julien,
>>
>> When we discussed this at the phone conference call (and the
>> discussion is also captured in the meeting minutes) then I thought
>> that the conclusion was to define a new Diameter application for
>> this exchange:
>>
>>
>>    Peer               Authenticator                    Server
>>    ====               =============                    ======
>>
>>     [<-- EAP-Initiate/ -----
>>         Re-auth-Start]
>>     [<-- EAP-Request/ ------
>>         Identity]
>>
>>
>>     ---- EAP-Initiate/ ----> ----AAA(EAP-Initiate/ ---------->
>>           Re-auth/                  Re-auth/
>>          [Bootstrap]              [Bootstrap])
>>
>>     <--- EAP-Finish/ ------> <---AAA(rMSK,EAP-Finish/---------
>>           Re-auth/                   Re-auth/
>>         [Bootstrap]                [Bootstrap])
>>
>>    Note: [] brackets indicate optionality.
>>
>>                       Figure 2: ERP Exchange
>>
>> (The server in the figure above is the HOKEY server, a dedicated
>> entity.)
>>
>>
>> The initial EAP authentication is left untouched and, as Glen
>> explained to us, there is the assumption that the AAA entities work
>> together with the HOKEY servers in a non-standardized way. To me that
>> sounded like a good plan.
>>
>> Does this make any sense?
>
> Taking into account that we have one app-id for Diameter EAP
> (I would say NASREQ-EAP) AND soon another app-id for Diameter
> MIP6 (which also uses EAP for authentication). It certainly
> makes sense to not reuse the same App-ID for ERP if we want to
> use ERP for the mip6 case.
>
> Let's see if others have an opinion.
>
> Regards,
>
> Julien
>
>>
>>
>> The non-HOKEY expert
>> Hannes
>>
>> PS: I never said that this specific document is going to be trivial
>> :-)
>>
>>>-----Original Message-----
>>>From: dime-bounces@ietf.org [mailto:dime-bounces@ietf.org] On Behalf
>>>Of Julien Bournelle
>>>Sent: 04 March, 2009 09:05
>>>To: dime@ietf.org
>>>Subject: [Dime] DiME ERP: new Application ID or not ?
>>>(non-roaming case)
>>>
>>>Hi all,
>>>
>>> we try to solve the issue concerning the need for a new App-Id or not.
>>>
>>> The ERP protocol (RFC 5296) is to be used along with EAP. It
>>>basically defines two new EAP codes and uses keying material derived
>>>from a first EAP authentication.
>>>
>>> To start the discussion, let's take the non-roaming case.
>>>
>>> In non-roaming, we have first an EAP authentication using Diameter
>>>EAP.
>>> Then, for reauthentication using ERP, we have two messages
>>>(Request/Response) between NAS and the AAA/ERP server carrying EAP
>>>packets
>>>
>>> See (http://tools.ietf.org/html/rfc5296#page-6)
>>>
>>> So, either we reuse the Diameter EAP Application (DER/DEA) or we
>>>define a new Diameter Application.
>>>
>>> If we use a new Diameter Application, a new Diameter session will be
>>>created and eventually a new Diameter server will be reached. What
>>>bothers me in this case is that we basically perform a
>>>reauthentication for the same session which is primarily handled at the
>>>AAA/EAP server. So, I'm wondering what happens concerning
>>>Authorization Lifetime session etc.
>>>
>>> Note that I still don't have a strong opinion and I'll be glad to hear
>>>opinions from others.
>>>
>>> Regards,
>>>
>>> Julien
>>>_______________________________________________
>>>DiME mailing list
>>>DiME@ietf.org
>>>https://www.ietf.org/mailman/listinfo/dime
>>>
>>
>>
>