IETF Logo Mail Archive

Re: [HOKEY] ERX-12 -- Please review changes

Lakshminath Dondeti <ldondeti@qualcomm.com> Tue, 26 February 2008 18:15 UTC

Return-Path: <hokey-bounces@ietf.org>
X-Original-To: ietfarch-hokey-archive@core3.amsl.com
Delivered-To: ietfarch-hokey-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 350D228C453; Tue, 26 Feb 2008 10:15:37 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.779
X-Spam-Level:
X-Spam-Status: No, score=-1.779 tagged_above=-999 required=5 tests=[AWL=-1.942, BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_MISMATCH_ORG=0.611, J_CHICKENPOX_33=0.6, RDNS_NONE=0.1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bA5+MbIUha5f; Tue, 26 Feb 2008 10:15:35 -0800 (PST)
Received: from core3.amsl.com (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 8395C3A6BE5; Tue, 26 Feb 2008 10:15:35 -0800 (PST)
X-Original-To: hokey@core3.amsl.com
Delivered-To: hokey@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 1FAF13A67F8 for <hokey@core3.amsl.com>; Tue, 26 Feb 2008 10:15:34 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Rd08Za9HdXNo for <hokey@core3.amsl.com>; Tue, 26 Feb 2008 10:15:33 -0800 (PST)
Received: from wolverine01.qualcomm.com (wolverine01.qualcomm.com [199.106.114.254]) by core3.amsl.com (Postfix) with ESMTP id 2537A3A6BDD for <hokey@ietf.org>; Tue, 26 Feb 2008 10:15:33 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=qualcomm.com; i=ldondeti@qualcomm.com; q=dns/txt; s=qcdkim; t=1204049727; x=1235585727; h=message-id:date:from:user-agent:mime-version:to:cc: subject:references:in-reply-to:content-type: content-transfer-encoding:x-ironport-av; z=Message-ID:=20<47C4573A.1030100@qualcomm.com>|Date:=20Tu e,=2026=20Feb=202008=2010:15:22=20-0800|From:=20Lakshmina th=20Dondeti=20<ldondeti@qualcomm.com>|User-Agent:=20Thun derbird=202.0.0.9=20(Windows/20071031)|MIME-Version:=201. 0|To:=20Rafa=20Marin=20Lopez=20<rafa@um.es>|CC:=20Bernard =20Aboba=20<bernard_aboba@hotmail.com>,=0D=0A=20=20=20=20 =20=20=20=20Sam=20Hartman=20<hartmans-ietf@mit.edu>,=20ho key@ietf.org|Subject:=20Re:=20[HOKEY]=20ERX-12=20--=20Ple ase=20review=20changes|References:=20<47C2945E.9010209@qu alcomm.com>=20<47C2A1AB.1000200@piuha.net>=09<A3DA4C2546E 1614D8ACC896746CDCF29CEC64E@aruba-mx1.arubanetworks.com> =09<47C2F529.8060902@qualcomm.com>=20<47C30952.5000200@pi uha.net>=09<A3DA4C2546E1614D8ACC896746CDCF29CEC6ED@aruba- mx1.arubanetworks.com>=09<47C31006.60802@piuha.net>=09<A3 DA4C2546E1614D8ACC896746CDCF29CEC757@aruba-mx1.arubanetwo rks.com>=09<47C32526.2080203@piuha.net>=20<47C32D86.20402 04@qualcomm.com>=09<47C32FB2.2080800@piuha.net>=09<BLU137 -W3364D33E2B6FB4AC6018B593180@phx.gbl>=09<47C33E13.500040 4@qualcomm.com>=09<BLU137-W3014B1D52B1475CCBC1D2B93180@ph x.gbl>=20<47C36BDC.6010909@qualcomm.com>=20<47C3F976.6060 403@um.es>|In-Reply-To:=20<47C3F976.6060403@um.es> |Content-Type:=20text/plain=3B=20charset=3DISO-8859-15=3B =20format=3Dflowed|Content-Transfer-Encoding:=207bit |X-IronPort-AV:=20E=3DMcAfee=3Bi=3D"5200,2160,5238"=3B=20 a=3D"919436"; bh=s6Zi1A8OQ80/Ol433k1qEI5WM+NzbI+SjLxSWIHnw7I=; b=n8o/HF/TVWf2ytUPv3G0a4xGQjiBzFBaSC4TsHnEhR8IQVLiqp0TrihB l9KeJFC1U3wOdoEYmvkye4XDM6U8eWGg3mJZHZ8K3h386cEME2t6buJA8 dSjamepAg2JNv0hAl8w2KyC0spMqNThjuu9YQDRnLzL8ZU16Qa1HGWyR7 8=;
X-IronPort-AV: E=McAfee;i="5200,2160,5238"; a="919436"
Received: from pdmz-ns-mip.qualcomm.com (HELO ithilien.qualcomm.com) ([199.106.114.10]) by wolverine01.qualcomm.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 26 Feb 2008 10:15:27 -0800
Received: from msgtransport02.qualcomm.com (msgtransport02.qualcomm.com [129.46.61.151]) by ithilien.qualcomm.com (8.14.2/8.14.2/1.0) with ESMTP id m1QIFQU0027870 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL); Tue, 26 Feb 2008 10:15:26 -0800
Received: from [129.46.78.229] (ldondeti.na.qualcomm.com [129.46.78.229]) by msgtransport02.qualcomm.com (8.14.2/8.14.2/1.0) with ESMTP id m1QIFPpt029121 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Tue, 26 Feb 2008 10:15:25 -0800
Message-ID: <47C4573A.1030100@qualcomm.com>
Date: Tue, 26 Feb 2008 10:15:22 -0800
From: Lakshminath Dondeti <ldondeti@qualcomm.com>
User-Agent: Thunderbird 2.0.0.9 (Windows/20071031)
MIME-Version: 1.0
To: Rafa Marin Lopez <rafa@um.es>
References: <47C2945E.9010209@qualcomm.com> <47C2A1AB.1000200@piuha.net> <A3DA4C2546E1614D8ACC896746CDCF29CEC64E@aruba-mx1.arubanetworks.com> <47C2F529.8060902@qualcomm.com> <47C30952.5000200@piuha.net> <A3DA4C2546E1614D8ACC896746CDCF29CEC6ED@aruba-mx1.arubanetworks.com> <47C31006.60802@piuha.net> <A3DA4C2546E1614D8ACC896746CDCF29CEC757@aruba-mx1.arubanetworks.com> <47C32526.2080203@piuha.net> <47C32D86.2040204@qualcomm.com> <47C32FB2.2080800@piuha.net> <BLU137-W3364D33E2B6FB4AC6018B593180@phx.gbl> <47C33E13.5000404@qualcomm.com> <BLU137-W3014B1D52B1475CCBC1D2B93180@phx.gbl> <47C36BDC.6010909@qualcomm.com> <47C3F976.6060403@um.es>
In-Reply-To: <47C3F976.6060403@um.es>
Cc: Bernard Aboba <bernard_aboba@hotmail.com>, Sam Hartman <hartmans-ietf@mit.edu>, hokey@ietf.org
Subject: Re: [HOKEY] ERX-12 -- Please review changes
X-BeenThere: hokey@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: HOKEY WG Mailing List <hokey.ietf.org>
List-Unsubscribe: <http://www.ietf.org/mailman/listinfo/hokey>, <mailto:hokey-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/hokey>
List-Post: <mailto:hokey@ietf.org>
List-Help: <mailto:hokey-request@ietf.org?subject=help>
List-Subscribe: <http://www.ietf.org/mailman/listinfo/hokey>, <mailto:hokey-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: hokey-bounces@ietf.org
Errors-To: hokey-bounces@ietf.org

On 2/26/2008 3:35 AM, Rafa Marin Lopez wrote:
> Hi Lakshminath,
> 
> Lakshminath Dondeti wrote:
>> Hi Bernard,
>>
>> I have reviewed draft-ohba-eap-kde-01 before and it does not meet fast 
>> reauthentication goals. 
> Please see my comments inline.
> 
>>  Please see below:
>>
>> On 2/25/2008 3:24 PM, Bernard Aboba wrote:
>>> [BA] I've recently seen a draft (from Yoshi, submitted today) that  
>>> seems
>>> to provide similar functionality with no changes to RFC 3748.  Although
>>> I haven't reviewed the document in depth, it did seem to provide
>>> method-independent re-authentication without multiple round-trips
>>> (at least for case of a local ERX server, which is the most important
>>> one from a performance point of view). 
>>
>> The number of roundtrips on the access link is 3,
>>  if we take connection open or an equivalent into account.  With ERP, 
>> the peer can start sending authenticated data after 1 RT.
>>
>>> This document will probably be discussed in IEEE 802, which could adopt
>>> it as their approach to EAP re-authentication going forward.
>>
>> In other access technologies, the handover latency requirements are 
>> more stringent and they have already adopted ERP and waiting for 
>> publication of the ERP RFC.  Without further optimizations, 802.11 
>> with 3 RTs or more for connection setup and EAP-KDE and 2 more for the 
>> 4-way exchange has little to no hope of really achieving low handover 
>> latency.
> 
> The reality is EAP-KDE is only adding a roundtrip in the ACCESS LINK 
> (between peer and authenticator) with respect to ERP,
> and NOT between authenticator and server, which is actually the bottleneck.

Hi Rafa,

Not according to people who design fast handover schemes.  I understand 
the issues with the backhaul, but in addition to that if the idea is to 
provide voice call continuity and if we want to budget for less than 
favorable radio conditions, cell density etc., we don't have the luxury 
of as many round trips as we want even in the access link.


> 
> EAP-KDE:
> 
> <-- EAP-Request/KDE{KDE0}
> --> EAP-Response/KDE{KDE1}   --> AAA{KDE2}
> <-- EAP-Request/KDE{KDE4}    <-- AAA{KDE3, authorization data}
> --> EAP-Response/KDE{}
> <-- EAP-Success
> 
> ERP:
> 
> <-- EAP Initiate/Re-auth-Start
> --> EAP Initiate/Re-auth --> AAA{EAP Initiate/Re-auth}
> <-- EAP Finish/Re-auth <-- AAA{EAP Finish/Re-auth}
> 
> 
> As you may observe, this additional roundtrip is exchanged between peer 
> and authenticator. Furthermore, EAP-Response/KDE{} and EAP Success are 
> very simple messages, so i would expect a really low processing time. So 
> my question is how many ms do you expect in that exchange in order to 
> affirm it does not meet a fast re-authentication goal?.

Simple is good, but not sufficient; how soon can the data packets be 
transmitted after handover is the issue.  It helps me to think about 
voice call continuity.

> 
> Furthermore, as Yoshi mentioned pre-authentication is also possible 
> (e.g. based on EAP-KDE) and that time would not affect at all.
> 
> In any case, the situation is that ERP would require modifications in 
> EAP-layer and existing EAP lower-layers to operate, but EAP-KDE avoids 
> those modifications (at the cost of an additional single roundtrip in 
> the access link which, to me, it should not be a major problem).

It turns out modifications to authenticators was the issue and EAP-KDE 
would also require modifications to the authenticators.  As I noted 
elsewhere, any modifications to lower layers are quite minimal.

Finally, if a link layer is to provide fast reauthentication, they need 
to do some work; EAP is just one aspect.  So, the idea that somehow we 
can drop in a new IETF protocol would be everything that needs to be 
done for fast reauthentication is somewhat sophomoric.  Last I checked, 
the 11r specification has more than 100 pages.

regards,
Lakshminath

> 
> 
>> -- 
>> ------------------------------------------------------
>> Rafael Marin Lopez
>> Dept. Information and Communications Engineering (DIIC)
>> Faculty of Computer Science-University of Murcia
>> 30100 Murcia - Spain
>> Telf: +34968398501    e-mail: rafa@um.es
>> ------------------------------------------------------
>>   
> 
_______________________________________________
HOKEY mailing list
HOKEY@ietf.org
http://www.ietf.org/mailman/listinfo/hokey

v2.23.0 | Report a Bug | By Email