RE: [Mipshop] Gauging interest in official WG adoption of internetdrafts

"Narayanan, Vidya" <vidyan@qualcomm.com> Sun, 26 March 2006 03:02 UTC

From: "Narayanan, Vidya" <vidyan@qualcomm.com>
To: Yoshihiro Ohba <yohba@tari.toshiba.com>, "Dondeti, Lakshminath" <ldondeti@qualcomm.com>
Cc: mipshop@ietf.org

Yoshi,
I don't think Sam's concern is AAA-assisted application keying in
general. If so, RFC 3957 and RFC 4004 (and other such RFCs) should never
have become RFCs. Also, if that argument in fact holds true, there
should be no place for Diameter SIP applications and the like. 

Sam's concern is about using EAP-generated keying material for
applications, since it obviously crosses layers in a manner that EAP was
not intended for. 

If you note, our draft is very much along the lines of MIP-AAA
interactions in Mobile IPv4. This is something that is standards track,
well understood and well proven. 

As Lakshminath pointed out, appendix A is an example of using the
EAP-generated AMSK as the HMK - it was always intended to be a separate
I-D even if it was the right way to do it and hence will be removed from
the draft as the work progresses. 

If more people actually think there is an issue here, I'd be happy to
run it by Sam and Russ. However, I strongly believe that this step is
not required at this time, since we have precedent with approved
standards track documents along very similar lines.  

Thanks,
Vidya 

> -----Original Message-----
> From: Yoshihiro Ohba [mailto:yohba@tari.toshiba.com] 
> Sent: Saturday, March 25, 2006 6:22 PM
> To: Dondeti, Lakshminath
> Cc: mipshop@ietf.org
> Subject: Re: [Mipshop] Gauging interest in official WG adoption of internetdrafts
> 
> As far as I understand, Sam's concern is not only on 
> application keying using AMSK but also AAA-assisted 
> application keying in general.
> So I am not sure if your suggested remedy really addresses 
> the concern.  I'd suggest asking Sam's opinion before moving forward.
> 
> Best regards,
> Yoshihiro Ohba
> 
> On Sat, Mar 25, 2006 at 05:36:46PM -0800, Lakshminath Dondeti wrote:
> > Disclaimer: I work with one of the authors (Vidya) of the
> > handover-keys-aaa I-D, although didn't contribute to the draft in any way.
> > 
> > I just read the parts of the I-D that seem to be contentious and note
> > that the reference to AMSKs is merely an example and the HMK can be
> > established through other means, say by preprovisioning.
> > 
> > That said, I think it is best to remove Appendix A (I am not sure 
> > about A.1, that probably should stay and be resolved later) as it
> > reproduces a key hierarchy and key derivation process that is still 
> > under active discussion.
> > 
> > regards,
> > Lakshminath
> > 
> > At 04:25 PM 3/25/2006, Yoshihiro Ohba wrote:
> > >I have a reservation on draft-vidya-mipshop-handover-keys-aaa-01.txt.
> > >
> > >The draft describes a AAA-assisted key management protocol to
> > >generate handover keys for protecting signaling between MN and AR.  I
> > >am viewing the proposal as an application keying for FMIPv6 and
> > >possibly other protocols.  However, in the IETF65 hoakey BOF, Sam
> > >Hartman, a Security AD, raised concern on application keying.  As a
> > >consequence, the hoakey BOF chairs made a decision to exclude
> > >application keying from the BOF charter, expecting application keying
> > >to be discussed in a separate BOF.
> > >
> > >Thus, it might be wiser to hold this draft until there is a clear 
> > >consensus on how to deal with application keying in the IETF.
> > >
> > >Best regards,
> > >Yoshihiro Ohba
> > >
> > >
> > >On Tue, Mar 21, 2006 at 11:49:36PM -0800, gabriel montenegro wrote:
> > >> Folks,
> > >>
> > >> In today's meeting we talked about 4 potential items up for adoption as official working
> > >> groups. Talking with folks after the meeting, we've decided to add two more to the list
> > >> of items we'll ask the WG whether we should adopt. This is the follow-up email to today's
> > >> discussion, to make sure we ask this on the mailing list.
> > >>
> > >> So the question to the WG is: Should we adopt the following documents as official WG
> > >> items (based on the individual drafts as noted below)?:
> > >>
> > >> 1. draft-ietf-mipshop-fmipv6-rev-XX.txt
> > >> based on draft-koodli-mipshop-rfc4068bis-00.txt
> > >>
> > >> 2. draft-ietf-mipshop-handover-keys-aaa-XX.txt
> > >> based on draft-vidya-mipshop-handover-keys-aaa-01.txt
> > >>
> > >> 3. draft-ietf-mipshop-handover-key-send-XX.txt
> > >> based on draft-kempf-mobopts-handover-key-01.txt (currently expired)
> > >>
> > >> 4. draft-ietf-mipshop-fh80216e-XX.txt
> > >> based on draft-jang-mipshop-fh80216e-02.txt
> > >>
> > >> 5. draft-ietf-mipshop-3gfh-XX.txt
> > >> based on draft-yokota-mipshop-3gfh-02.txt
> > >>
> > >> 6. draft-ietf-mipshop-cga-cba-XX.txt
> > >> based on draft-arkko-mipshop-cga-cba-03.txt
> > >>
> > >> Please send comments one way or another through April 4, 2006.
> > >>
> > >> Thanks,
> > >>
> > >> chairs
> > >>
> > >> _______________________________________________
> > >> Mipshop mailing list
> > >> Mipshop@ietf.org
> > >> https://www1.ietf.org/mailman/listinfo/mipshop
> > >>