Re: [HOKEY] [hokey] #8: Another benefit to 3.1.1 is that re-auth can take place when the home AAA is unavailable

Qin Wu <bill.wu@huawei.com> Sat, 08 October 2011 03:28 UTC

Return-Path: <bill.wu@huawei.com>
X-Original-To: hokey@ietfa.amsl.com
Delivered-To: hokey@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AEA6E21F899F for <hokey@ietfa.amsl.com>; Fri, 7 Oct 2011 20:28:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.66
X-Spam-Level:
X-Spam-Status: No, score=-5.66 tagged_above=-999 required=5 tests=[AWL=0.939, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id q7bTjZTT4nce for <hokey@ietfa.amsl.com>; Fri, 7 Oct 2011 20:28:03 -0700 (PDT)
Received: from szxga01-in.huawei.com (szxga01-in.huawei.com [119.145.14.64]) by ietfa.amsl.com (Postfix) with ESMTP id 0CA8821F8922 for <hokey@ietf.org>; Fri, 7 Oct 2011 20:28:03 -0700 (PDT)
Received: from huawei.com (szxga05-in [172.24.2.49]) by szxga05-in.huawei.com (iPlanet Messaging Server 5.2 HotFix 2.14 (built Aug 8 2006)) with ESMTP id <0LSQ00ML99P9PP@szxga05-in.huawei.com> for hokey@ietf.org; Sat, 08 Oct 2011 11:29:33 +0800 (CST)
Received: from szxrg02-dlp.huawei.com ([172.24.2.119]) by szxga05-in.huawei.com (iPlanet Messaging Server 5.2 HotFix 2.14 (built Aug 8 2006)) with ESMTP id <0LSQ00HAD9P52F@szxga05-in.huawei.com> for hokey@ietf.org; Sat, 08 Oct 2011 11:29:33 +0800 (CST)
Received: from szxeml203-edg.china.huawei.com ([172.24.2.119]) by szxrg02-dlp.huawei.com (MOS 4.1.9-GA) with ESMTP id AEC65959; Sat, 08 Oct 2011 11:29:32 +0800
Received: from SZXEML411-HUB.china.huawei.com (10.82.67.138) by szxeml203-edg.china.huawei.com (172.24.2.55) with Microsoft SMTP Server (TLS) id 14.1.270.1; Sat, 08 Oct 2011 11:29:24 +0800
Received: from w53375q (10.138.41.130) by szxeml411-hub.china.huawei.com (10.82.67.138) with Microsoft SMTP Server (TLS) id 14.1.270.1; Sat, 08 Oct 2011 11:29:23 +0800
Date: Sat, 08 Oct 2011 11:29:22 +0800
From: Qin Wu <bill.wu@huawei.com>
X-Originating-IP: [10.138.41.130]
To: Glen Zorn <glenzorn@gmail.com>
Message-id: <C5AB1324695F439DB9E5CB407E9525E8@china.huawei.com>
MIME-version: 1.0
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2900.6109
X-Mailer: Microsoft Outlook Express 6.00.2900.5931
Content-type: text/plain; charset="UTF-8"
Content-transfer-encoding: 7bit
X-Priority: 3
X-MSMail-priority: Normal
X-CFilter-Loop: Reflected
References: <058.cd54c742dd6c4f2571b621053e9d190a@trac.tools.ietf.org> <067.775d66f7b96a86e93fe002d5199914eb@trac.tools.ietf.org> <CC503C3CE8244F6AA94451F6880237B5@china.huawei.com> <4E82B834.6000507@gmail.com> <841E6BAEC8A84A34A8894CA62E1DE1FA@china.huawei.com> <4E8ADF1F.8000804@gmail.com>
Cc: draft-ietf-hokey-arch-design@tools.ietf.org, hokey@ietf.org
Subject: Re: [HOKEY] [hokey] #8: Another benefit to 3.1.1 is that re-auth can take place when the home AAA is unavailable
X-BeenThere: hokey@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: HOKEY WG Mailing List <hokey.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/hokey>, <mailto:hokey-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hokey>
List-Post: <mailto:hokey@ietf.org>
List-Help: <mailto:hokey-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hokey>, <mailto:hokey-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 08 Oct 2011 03:28:03 -0000

Hi,
----- Original Message ----- 
From: "Glen Zorn" <glenzorn@gmail.com>
To: "Qin Wu" <bill.wu@huawei.com>
Cc: <hokey@ietf.org>; <draft-ietf-hokey-arch-design@tools.ietf.org>
Sent: Tuesday, October 04, 2011 6:25 PM
Subject: Re: [HOKEY] [hokey] #8: Another benefit to 3.1.1 is that re-auth can take place when the home AAA is unavailable


> On 9/28/2011 1:07 PM, Qin Wu wrote:
>> ----- Original Message ----- 
>> From: "Glen Zorn" <glenzorn@gmail.com>
>> To: "Qin Wu" <bill.wu@huawei.com>
>> Cc: <hokey@ietf.org>; <draft-ietf-hokey-arch-design@tools.ietf.org>
>> Sent: Wednesday, September 28, 2011 2:01 PM
>> Subject: Re: [HOKEY] [hokey] #8: Another benefit to 3.1.1 is that re-auth can take place when the home AAA is unavailable
>> 
>> 
>>> On 9/28/2011 10:50 AM, Qin Wu wrote:
>>>
>>> ...
>>>
>>>>> #8: Another benefit to 3.1.1 is that re-auth can take place when the home AAA
>>>>> is unavailable
>>>
>>>>> It's not clear to me how this can be integrated into 3.1.1.  How about
>>>>> adding another "bullet point" section 3.1 and a new section 3.3?
>>>>
>>>> [Qin]: I think we don't need to take action since this benefit has already been covered by the section 3.1.1.
>>>
>>> Apparently the person who made the comment didn't think so. ;-)
>>>
>>>> If additional text is needed, it will be good to add this text into the section 3.1.1, my suggested text is as follows:
>>>> OLD TEXT
>>>> "
>>>>   Ideally, a peer should only need to communicate with local servers
>>>>    and other local entities.
>>>> "
>>>> NEW TEXT
>>>> "
>>>>   Ideally, a peer should only need to communicate with local servers
>>>>    and other local entities without home servers involvement.
>>>> "
>>>
>>> OK, but how does this point out the benefit mentioned?
>> 
>> [Qin]: I add additional text "without home servers involvement" after
>> the last sentence
>> "
>> Ideally, a peer should only need to communicate with local servers
>> and other local entities.
> 
> I really think that this is important enough to be listed as a goal, so
> I put it in as one; please howl with dispatch, if necessary :-).

[Qin]: I have no objection to having an independent sub-section to describe this goal
if you insist on this. 
I would like to propose the following text:
"
3.1.x Enable Re-authentication without home servers
When the peer moves out of the home domain, there may be an ER server present in
the visited domain and the ER server possesses the root key for authentication in
its local database. In this case, it should be allowed that the Re-auth
take place without the home servers' involvement or when the home servers are
unavailable. This limits communication to the local domain and also avoids unnecessary
communication with the home domain.
"
If you have better text, please say.

>> "
>> 
>>> ..
>
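As an added illustration, not part of this thread or of the HOKEY draft text, the following Python toy model shows the decision that the proposed 3.1.x text describes: an ER server in the visited domain that holds the peer's root key in its local database completes re-authentication on its own, and the home servers are only consulted when no local key exists, so their unavailability does not block peers that were already provisioned locally. The key hierarchy (root key, rRK, rIK, rMSK) follows the ER naming, but the KDF, message layout, key names and key values are constructed assumptions and do not reproduce the exact derivations of RFC 5296. The replay check on the sequence number and the constant-time MAC comparison are the checks a local server needs to perform safely without the home AAA.

```python
"""Toy model of local EAP re-authentication in a visited domain.

Constructed example: simplified KDF and message format, made-up keys.
"""
import hashlib
import hmac
import struct


def kdf(key: bytes, label: bytes, context: bytes = b"") -> bytes:
    # One HMAC-SHA256 step. Assumption: stands in for the real ER key
    # derivation, which is not reproduced here.
    return hmac.new(key, label + b"\x00" + context, hashlib.sha256).digest()


def derive_rik(root_key: bytes) -> bytes:
    # rRK from the root key, rIK from rRK (ER-style hierarchy, simplified KDF).
    return kdf(kdf(root_key, b"rRK"), b"rIK")


def build_reauth_request(keyname: str, root_key: bytes, seq: int) -> dict:
    """Peer side: keyname and sequence number, integrity-protected with rIK."""
    body = keyname.encode() + b"\x00" + struct.pack(">H", seq)
    mac = hmac.new(derive_rik(root_key), body, hashlib.sha256).digest()
    return {"body": body, "mac": mac}


def parse_body(body: bytes) -> tuple:
    """Recover keyname and sequence number from the MAC-protected body."""
    name, _, seq_bytes = body.partition(b"\x00")
    return name.decode(), struct.unpack(">H", seq_bytes)[0]


class LocalERServer:
    """ER server in the visited domain holding root keys in its local DB."""

    def __init__(self, domain: str):
        self.domain = domain
        self.root_keys = {}   # keyname -> root key (constructed values)
        self.last_seq = {}    # keyname -> last accepted sequence number

    def provision(self, keyname: str, root_key: bytes) -> None:
        # In the architecture the home AAA hands a domain-specific root key to
        # the local ER server during a full EAP exchange; constructed here.
        self.root_keys[keyname] = root_key
        self.last_seq[keyname] = -1

    def reauth(self, req: dict) -> dict:
        keyname, seq = parse_body(req["body"])
        root_key = self.root_keys.get(keyname)
        if root_key is None:
            return {"result": "no-local-key"}
        expected = hmac.new(derive_rik(root_key), req["body"], hashlib.sha256).digest()
        # Constant-time comparison: verify before trusting any field of the body.
        if not hmac.compare_digest(expected, req["mac"]):
            return {"result": "bad-mac"}
        # Sequence numbers must increase; a repeated request is a replay.
        if seq <= self.last_seq[keyname]:
            return {"result": "replay"}
        self.last_seq[keyname] = seq
        # Fresh session key bound to this sequence number (constructed derivation).
        rmsk = kdf(kdf(root_key, b"rRK"), b"rMSK", struct.pack(">H", seq))
        return {"result": "success", "rMSK": rmsk}


def handle_reauth(server: LocalERServer, req: dict, home_reachable: bool) -> dict:
    """Authenticator-side decision: local ER first, home servers only as fallback."""
    outcome = server.reauth(req)
    if outcome["result"] != "no-local-key":
        return outcome                      # decided locally, home not involved
    if not home_reachable:
        return {"result": "home-unavailable"}
    return {"result": "forwarded-to-home"}


if __name__ == "__main__":
    root = b"constructed-root-key-for-peer1"   # constructed sample key
    srv = LocalERServer("visited.example")
    srv.provision("peer1@home.example", root)
    req = build_reauth_request("peer1@home.example", root, 1)
    print(handle_reauth(srv, req, home_reachable=False)["result"])   # success
    print(handle_reauth(srv, req, home_reachable=False)["result"])   # replay
    other = build_reauth_request("peer2@home.example", root, 1)
    print(handle_reauth(srv, other, home_reachable=False)["result"]) # home-unavailable
```

The `handle_reauth` branch order is the point of the proposed section: a peer whose root key is already in the visited domain's ER server never depends on home reachability, while a peer without a local key still needs the home servers and fails cleanly when they are down rather than being silently accepted.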