Re: [Emu] FW: New Version Notification for draft-cam-winget-eap-tlv-00
ncamwing <ncamwing@cisco.com> Tue, 16 March 2010 18:49 UTC
Return-Path: <ncamwing@cisco.com>
X-Original-To: emu@core3.amsl.com
Delivered-To: emu@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 429ED3A67A8 for <emu@core3.amsl.com>; Tue, 16 Mar 2010 11:49:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.834
X-Spam-Level:
X-Spam-Status: No, score=-7.834 tagged_above=-999 required=5 tests=[AWL=-0.698, BAYES_00=-2.599, MIME_QP_LONG_LINE=1.396, RCVD_IN_DNSWL_HI=-8, RCVD_NUMERIC_HELO=2.067]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kBsww7C5UB5a for <emu@core3.amsl.com>; Tue, 16 Mar 2010 11:49:53 -0700 (PDT)
Received: from sj-iport-5.cisco.com (sj-iport-5.cisco.com [171.68.10.87]) by core3.amsl.com (Postfix) with ESMTP id 1A4853A6A9B for <emu@ietf.org>; Tue, 16 Mar 2010 11:49:53 -0700 (PDT)
Authentication-Results: sj-iport-5.cisco.com; dkim=neutral (message not signed) header.i=none
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AiIFAPJvn0urR7Ht/2dsb2JhbACaJlwCc6IomHuEeASDGogQ
X-IronPort-AV: E=Sophos;i="4.49,651,1262563200"; d="scan'208";a="167183699"
Received: from sj-core-1.cisco.com ([171.71.177.237]) by sj-iport-5.cisco.com with ESMTP; 16 Mar 2010 18:50:02 +0000
Received: from xbh-sjc-231.amer.cisco.com (xbh-sjc-231.cisco.com [128.107.191.100]) by sj-core-1.cisco.com (8.13.8/8.14.3) with ESMTP id o2GInmX2005814; Tue, 16 Mar 2010 18:49:59 GMT
Received: from xmb-sjc-21e.amer.cisco.com ([171.70.151.156]) by xbh-sjc-231.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.3959); Tue, 16 Mar 2010 11:49:58 -0700
Received: from 171.69.152.56 ([171.69.152.56]) by xmb-sjc-21e.amer.cisco.com ([171.70.151.156]) with Microsoft Exchange Server HTTP-DAV ; Tue, 16 Mar 2010 18:49:58 +0000
User-Agent: Microsoft-Entourage/12.24.0.100205
Date: Tue, 16 Mar 2010 11:49:56 -0700
From: ncamwing <ncamwing@cisco.com>
To: Stephen McCann <mccann.stephen@googlemail.com>, emu@ietf.org
Message-ID: <C7C520E4.1ACB1%ncamwing@cisco.com>
Thread-Topic: [Emu] FW: New Version Notification for draft-cam-winget-eap-tlv-00
Thread-Index: AcrFOXiQI9tUOC4b4E2NsIEe3wn5Vw==
In-Reply-To: <a8dcb8d81001250242j230570a1uf899b01b7c7c60bd@mail.gmail.com>
Mime-version: 1.0
Content-type: text/plain; charset="ISO-8859-1"
Content-transfer-encoding: quoted-printable
X-OriginalArrivalTime: 16 Mar 2010 18:49:58.0427 (UTC) FILETIME=[7A0276B0:01CAC539]
Subject: Re: [Emu] FW: New Version Notification for draft-cam-winget-eap-tlv-00
X-BeenThere: emu@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "EAP Methods Update \(EMU\)" <emu.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/emu>, <mailto:emu-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/emu>
List-Post: <mailto:emu@ietf.org>
List-Help: <mailto:emu-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/emu>, <mailto:emu-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Mar 2010 18:49:54 -0000
Hi Stephen, Thank you for the review and feedback (and apologies for the delayed response!). Since we'll be at the IETF next week, perhaps we can meet live so that we can clarify how to clarify NAK vs. Error TLVs for the next version of the draft? Please see inline for answers/comments: On 1/25/10 2:42 AM, "Stephen McCann" <mccann.stephen@googlemail.com> wrote: > Nancy, > I've reviewed > http://www.ietf.org/id/draft-cam-winget-eap-tlv-00.txt and have the > following comments: > > 1) Is the intention to make the TLV types administered by IANA? > Doesn¹t there have to be a request in this draft? (I¹m not sure, but I > just wanted to know?) [NCW] Yes, that is the intent and we can clarify that in the IANA section if it not so.... > > 2) I don¹t think you really need a result TLV. In my opinion, it would > be better to minimize the TLV¹s defined in this draft and leave > ³result² or other functionality to the RFC that defines the additional > TLV types. That way this simply focuses on using EAP to transport > these TLV¹s. [NCW] That is fine, I think we meant to leave it out as we do not explicitly define one in the draft, though text does suggest the use of one. I think one of the issues to consider is the state machine of the tunnel method and whether the state machine needs to know when to "conclude" (as well as allowing for a "protected" EAP success) which is why there is the suggestion for the need of some such explicit TLV....but we can consider alternate ways in which to proceed other that a result TLV. > > 3) Do you really need Error TLV? Or could you combine NAK and Error > TLV? Take the example of an EAP-Request containing 2 vendor-specific > TLV¹s. Let¹s say one can be processed and the other cannot. How do I > use the ³error TLV²? It might be better to define error fields within > the TLV and use NAK as an error type. [NCW] I think the subtle difference is NAK is more of negotiation(?) status to signal which TLVs were not supported vs Error is used for interpretation of the TLVs themselves that could affect the overall EAP state machine. So, in your example above, NAK would be used to specify which TLV was not supported but not affect the flow or EAP state machine, whereas the Error TLV may. >From the current draft, the Error TLV only provides an Error code whereas NAK includes a list of TLVs....but I am open to suggestions in how to merge these. Would be happy to meet face to face next week so we can resolve this one. > > 4) Do the TLV frames have a maximum length? [NCW] They are inherently limited based on the TLV length field (2bytes) so the TLV can only be a max of 2^16 > > 5) What are Result TLVs? Is this a typo? [NCW] Yes, that is a typo and will fix in the next revision. > > Kind regards > > Stephen > > > 2010/1/20 ncamwing <ncamwing@cisco.com>: >> Dear Colleagues, >> >> As there have been discussions on how to carry data (such as crypto-binding, >> channel data, result indication and posture assessment >> as defined by the NEA group) beyond authentication methods inside an EAP >> tunnel, we have submitted a proposal for using a TLV container to type and >> transport such data; the draft is referenced below. >> >> We would appreciate all comments. >> >> Thanks, >> Nancy. >> >> >> >> >> >> ------ Forwarded Message >> From: IETF I-D Submission Tool <idsubmission@ietf.org> >> Date: Mon, 4 Jan 2010 15:04:12 -0800 (PST) >> To: Hao Zhou <hzhou@cisco.com> >> Cc: Nancy Cam-Winget <ncamwing@cisco.com> >> Subject: New Version Notification for draft-cam-winget-eap-tlv-00 >> >> >> A new version of I-D, draft-cam-winget-eap-tlv-00.txt has been successfuly >> submitted by Hao Zhou and posted to the IETF repository. >> >> Filename: draft-cam-winget-eap-tlv >> Revision: 00 >> Title: EAP Type-Length-Value Container >> Creation_date: 2010-01-05 >> WG ID: Independent Submission >> Number_of_pages: 11 >> >> Abstract: >> The Extensible Authentication Protocol (EAP), defined in RFC 3748, >> facilitates multiple authentication methods that are widely deployed >> today. As tunnel mechanisms become more prevalent, there has been >> interest in carrying other types of data between the EAP Peer and the >> EAP server. Existing tunnel EAP methods have already defined generic >> data structures to carry such information. >> >> This document defines a generic TLV "container" that can be used >> within an EAP method. >> >> Status of this Memo >> >> This Internet-Draft is submitted to IETF in full conformance with the >> provisions of BCP 78 and BCP 79. >> >> Internet-Drafts are working documents of the Internet Engineering >> Task Force (IETF), its areas, and its working groups. Note that >> other groups may also distribute working documents as Internet- >> Drafts. >> >> Internet-Drafts are draft documents valid for a maximum of six months >> and may be updated, replaced, or obsoleted by other documents at any >> time. It is inappropriate to use Internet-Drafts as reference >> material or to cite them other than as "work in progress." >> >> The list of current Internet-Drafts can be accessed at >> http://www.ietf.org/ietf/1id-abstracts.txt. >> >> The list of Internet-Draft Shadow Directories can be accessed at >> http://www.ietf.org/shadow.html. >> >> This Internet-Draft will expire on July 9, 2010. >> >> Copyright Notice >> >> Copyright (c) 2010 IETF Trust and the persons identified as the >> document authors. All rights reserved. >> This document is subject to BCP 78 and the IETF Trust's Legal >> Provisions Relating to IETF Documents >> (http://trustee.ietf.org/license-info) in effect on the date of >> publication of this document. Please review these documents >> carefully, as they describe your rights and restrictions with respect >> to this document. Code Components extracted from this document must >> include Simplified BSD License text as described in Section 4.e of >> the Trust Legal Provisions and are provided without warranty as >> described in the BSD License. >> >> >> >> The IETF Secretariat. >> >> >> >> ------ End of Forwarded Message >> >> _______________________________________________ >> Emu mailing list >> Emu@ietf.org >> https://www.ietf.org/mailman/listinfo/emu >> --