Re: [HOKEY] [Dime] DiME ERP: new Application ID or not ? (non-roaming case)
"Glen Zorn" <glenzorn@comcast.net> Tue, 10 March 2009 16:38 UTC
From: Glen Zorn <glenzorn@comcast.net>
To: 'Julien Bournelle' <julien.bournelle@gmail.com>, 'Hannes Tschofenig' <Hannes.Tschofenig@gmx.net>
Date: Tue, 10 Mar 2009 09:38:26 -0700
Cc: dime@ietf.org, hokey@ietf.org
Subject: Re: [HOKEY] [Dime] DiME ERP: new Application ID or not ? (non-roaming case)

Can we include the hokey WG in this discussion, please?

> -----Original Message-----
> From: dime-bounces@ietf.org [mailto:dime-bounces@ietf.org] On Behalf Of
> Julien Bournelle
> Sent: Tuesday, March 10, 2009 3:14 AM
> To: Hannes Tschofenig
> Cc: dime@ietf.org
> Subject: Re: [Dime] DiME ERP: new Application ID or not ? (non-roaming
> case)
>
> Hi hannes,
>
> On Sat, Mar 7, 2009 at 12:36 PM, Hannes Tschofenig
> <Hannes.Tschofenig@gmx.net> wrote:
> > I also have to add ...
> >
> > If you define a new Diameter Application ID then you have to decide which
> > application to use as a baseline. If you look at Section 5.1 of
> > http://www.ietf.org/internet-drafts/draft-ietf-dime-mip6-split-16.txt then
> > you see that the Mobile IPv6 specific AVPs are optional in the Command Code
> > ABNF. Hence, building on EAP is probably not such a bad idea.
>
> Not sure to understand your comment. If we define a new App-Id we
> won't build the application on Diameter EAP. It will be orthogonal.
> What do you mean ?
> >
> > There is also the question how much you want to say about Mobile IPv6
> > bootstrapping in the ERP document.
>
> Yes, Diameter ERP could be used along with Diameter EAP or Diameter
> Mobile IPv6.
>
> Regards,
>
> Julien
>
> >
> >
> > Ciao
> > Hannes
> >
> >>-----Original Message-----
> >>From: Julien Bournelle [mailto:julien.bournelle@gmail.com]
> >>Sent: 04 March, 2009 12:03
> >>To: Hannes Tschofenig
> >>Cc: dime@ietf.org
> >>Subject: Re: [Dime] DiME ERP: new Application ID or not ?
> >>(non-roaming case)
> >>
> >>hi hannes,
> >>
> >> see inline,
> >>
> >>On Wed, Mar 4, 2009 at 9:14 AM, Hannes Tschofenig
> >><Hannes.Tschofenig@gmx.net> wrote:
> >>> Hi Julien,
> >>>
> >>> When we discussed this at the phone conference call (and the
> >>> discussion is also captured in the meeting minutes) then I thought
> >>> that the conclusion was to define a new Diameter application
> >>> for this exchange:
> >>>
> >>>
> >>> Peer               Authenticator                    Server
> >>> ====               =============                    ======
> >>>
> >>> [<-- EAP-Initiate/ -----
> >>>      Re-auth-Start]
> >>> [<-- EAP-Request/ ------
> >>>      Identity]
> >>>
> >>>
> >>> ---- EAP-Initiate/ ----> ----AAA(EAP-Initiate/ ---------->
> >>>      Re-auth/                    Re-auth/
> >>>      [Bootstrap]                 [Bootstrap])
> >>>
> >>> <--- EAP-Finish/ ------> <---AAA(rMSK,EAP-Finish/---------
> >>>      Re-auth/                    Re-auth/
> >>>      [Bootstrap]                 [Bootstrap])
> >>>
> >>> Note: [] brackets indicate optionality.
> >>>
> >>> Figure 2: ERP Exchange
> >>>
> >>> (The server in the figure above is the HOKEY server, a dedicated
> >>> entity.)
> >>>
> >>>
> >>> The initial EAP authentication is left untouched and, as Glen
> >>> explained us, there is the assumption that the AAA entities work
> >>> together with the HOKEY servers in a non-standardized way.
> >>> To me that sounded like a good plan.
> >>>
> >>> Does this make any sense?
> >>
> >> Taking into account that we have one app-id for Diameter EAP
> >>(I would say NASREQ-EAP) AND soon another app-id for Diameter
> >>MIP6 (which also uses EAP for authentication). It certainly
> >>makes sense to not reuse the same App-ID for ERP if we want to
> >>use ERP for the mip6 case.
> >>
> >> Let's see if others have opinion.
> >>
> >> Regards,
> >>
> >> Julien
> >>
> >>>
> >>>
> >>> The non-HOKEY expert
> >>> Hannes
> >>>
> >>> PS: I never said that this is specific document is going to
> >>> be trivial
> >>> :-)
> >>>
> >>>>-----Original Message-----
> >>>>From: dime-bounces@ietf.org [mailto:dime-bounces@ietf.org] On Behalf
> >>>>Of Julien Bournelle
> >>>>Sent: 04 March, 2009 09:05
> >>>>To: dime@ietf.org
> >>>>Subject: [Dime] DiME ERP: new Application ID or not ?
> >>>>(non-roaming case)
> >>>>
> >>>>Hi all,
> >>>>
> >>>> we try to solve the issue concerning the need for a new
> >>>>App-Id or not.
> >>>>
> >>>> The ERP protocol (RFC 5296) is to be used along with EAP. It
> >>>>basically defines two new EAP codes and uses keying material derived
> >>>>from a first EAP authentication.
> >>>>
> >>>> To start the discussion, let's take the non-roaming case.
> >>>>
> >>>> In non-roaming, we have first an EAP authentication using Diameter
> >>>>EAP.
> >>>> Then, for reauthentication using ERP, we have two messages
> >>>>(Request/Response) between NAS and the AAA/ERP server carrying EAP
> >>>>packets
> >>>>
> >>>> See (http://tools.ietf.org/html/rfc5296#page-6)
> >>>>
> >>>> So, either we reuse the Diameter EAP Application (DER/DEA) or we
> >>>>define a new Diameter Application.
> >>>>
> >>>> If we use a new Diameter Application, a new Diameter session will be
> >>>>created and eventually a new Diameter server will be reached. What
> >>>>bothers me in this case is that we basically perform a
> >>>>reauthentication for the same session which is primarily handled at the
> >>>>AAA/EAP server. So, I'm wondering what happens concerning
> >>>>Authorization Lifetime session etc.
> >>>>
> >>>> Note that I still don't have strong opinion and I'll be glad to hear
> >>>>opinions from others.
> >>>>
> >>>> Regards,
> >>>>
> >>>> Julien
> >>>>_______________________________________________
> >>>>DiME mailing list
> >>>>DiME@ietf.org
> >>>>https://www.ietf.org/mailman/listinfo/dime