Re: [HOKEY] Review of draft-gaonkar-radext-erp-attrs-02.txt

Charles Clancy <clancy@cs.umd.edu> Tue, 05 February 2008 23:23 UTC

Date: Tue, 05 Feb 2008 17:56:54 -0500
From: Charles Clancy <clancy@cs.umd.edu>
To: Yoshihiro Ohba <yohba@tari.toshiba.com>
Cc: Glen Zorn <glenzorn@comcast.net>, hokey@ietf.org
Subject: Re: [HOKEY] Review of draft-gaonkar-radext-erp-attrs-02.txt

I'm cleaning up old emails, and came across this one...

Yoshi, I think this is an interesting idea and could benefit HOKEY, but
is ultimately independent of HOKEY.  A generic AAA protocol based on
Kerberos to do key provisioning for end-to-end security would be useful
to many working groups and many protocols that operate over AAA.

--
t. charles clancy, ph.d.                 eng.umd.edu/~tcc
electrical & computer engineering, university of maryland


Yoshihiro Ohba wrote:
> Let me clarify one thing.  What we have discussed about the usage of
> Kerberos (and the usage was dismissed) is for HOKEY 3-party key
> distribution for a couple of use cases described in
> draft-ietf-hokey-key-mgm (and several use cases would be ruled out
> based on a consensus in the Vancouver meeting [I think such a
> consensus must be confirmed over email]).  On the other hand, I don't
> think we have discussed a Kerberos usage for establishing an SA
> between third-party and server in HOKEY 3-party key distribution, and
> that is what I am trying to bring here.
> 
> Yoshihiro Ohba
> 
> 
> On Sun, Jan 06, 2008 at 02:16:08PM -0800, Glen Zorn wrote:
>> Why not just use inter-realm Kerberos to establish an end-to-end SA
>> between EAP server and DSR-KH, and then do DSRK distribution over the
>> established SA?  Inter-realm Kerberos works with chain of trust and
>> should work with the case where AAA proxies are between EAP server and
>> DSR-KH.  The past proposal about Kerberos over RADIUS indicated by
>> Bernard sounds like a good solution.
>> [gwz] 
>> There is another WG dedicated to the discussion of Kerberos.  We have
>> discussed (and dismissed) the usage of Kerberos in this WG several times
>> already & we're not doing it again. 
>> [/gwz]
>>  
>>
>>
> 
> _______________________________________________
> HOKEY mailing list
> HOKEY@ietf.org
> https://www1.ietf.org/mailman/listinfo/hokey