Re: [HOKEY] ERX-12 -- Please review changes

Lakshminath Dondeti <ldondeti@qualcomm.com> Tue, 26 February 2008 01:47 UTC

Date: Mon, 25 Feb 2008 17:31:08 -0800
From: Lakshminath Dondeti <ldondeti@qualcomm.com>
To: Bernard Aboba <bernard_aboba@hotmail.com>
Cc: Sam Hartman <hartmans-ietf@mit.edu>, hokey@ietf.org
Subject: Re: [HOKEY] ERX-12 -- Please review changes

Hi Bernard,

I have reviewed draft-ohba-eap-kde-01 before and it does not meet fast 
reauthentication goals.  Please see below:

On 2/25/2008 3:24 PM, Bernard Aboba wrote:
> 
> [BA] I've recently seen a draft (from Yoshi, submitted today) that seems
> to provide similar functionality with no changes to RFC 3748.  Although
> I haven't reviewed the document in depth, it did seem to provide
> method-independent re-authentication without multiple round-trips
> (at least for the case of a local ERX server, which is the most important
> one from a performance point of view).

The number of roundtrips on the access link is 3, if we take connection 
open or an equivalent into account.  With ERP, the peer can start 
sending authenticated data after 1 RT.

> 
> This document will probably be discussed in IEEE 802, which could adopt
> it as their approach to EAP re-authentication going forward.

In other access technologies, the handover latency requirements are more
stringent and they have already adopted ERP and are waiting for publication
of the ERP RFC.  Without further optimizations, 802.11 with 3 RTs or
more for connection setup and EAP-KDE and 2 more for the 4-way exchange
has little to no hope of really achieving low handover latency.

That model does not fit for voice call continuity.

regards,
Lakshminath

> 
> If possible, it would be good to have a single standard for this, as opposed
> to multiple competing ones.
