Re: [Mipshop] Gauging interest in official WG adoption of internet drafts

Lakshminath Dondeti <ldondeti@qualcomm.com> Sun, 26 March 2006 10:32 UTC

Message-Id: <6.2.5.6.2.20060326022414.03d581d8@qualcomm.com>
X-Mailer: QUALCOMM Windows Eudora Version 6.2.5.6
Date: Sun, 26 Mar 2006 02:32:18 -0800
To: Yoshihiro Ohba <yohba@tari.toshiba.com>
From: Lakshminath Dondeti <ldondeti@qualcomm.com>
Subject: Re: [Mipshop] Gauging interest in official WG adoption of internet drafts
In-Reply-To: <20060326062152.GF17967@steelhead>
References: <20060322074936.65932.qmail@web81910.mail.mud.yahoo.com> <20060326002555.GC17967@steelhead> <6.2.5.6.2.20060325172313.04096678@qualcomm.com> <20060326022201.GD17967@steelhead> <6.2.5.6.2.20060325202804.040b6e20@qualcomm.com> <20060326062152.GF17967@steelhead>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Cc: mipshop@ietf.org

Probably my final email on this.

Sec 1.2 hints on where the protocol might be used.  My guess is those 
notes are merely guidelines for potential reuse.

On the single sign-on vs. maintaining a shared secret at a AAA server 
per application, that is a bigger and more importantly orthogonal 
problem, isn't it?  We don't expect this draft to address that 
problem.  If you think about it, it is not a bad idea for 
applications to define their keying requirements, in parallel to 
solving the problem of scalable key provisioning.  In fact, that is 
what I had in mind for suggesting to the authors to list the 
desirable properties on the HMK in this draft.

Hope that helps clarify how I see things.

best wishes,
Lakshminath

At 10:21 PM 3/25/2006, Yoshihiro Ohba wrote:
>I had such an impression because Sam used the term "single sign-on"
>and he seems to like to see wider aspect of bootstrapping multiple
>applications in a separate BOF not just bootstrapping them from EAP or
>AAA.  If the intent of the draft is bootstrapping multiple
>applications not just FMIPv6 (there is text in Section 1.2: "Although
>this document is focused on FMIPv6, it is applicable to other
>protocols as well."), then I believe this could be covered by such a
>BOF.  On the other hand, if the intent of the draft is bootstrapping
>*FMIPv6 only*, it would be OK, but then I don't see much usefulness of
>the draft because I don't believe a scenario where a AAA server needs
>to maintain a shared secret for each application.
>
>In any case, earlier contact to security AD would be much better to
>avoid the risk of last minute surprise.
>
>Best regards,
>Yoshihiro Ohba
>
>
>
>On Sat, Mar 25, 2006 at 08:36:06PM -0800, Lakshminath Dondeti wrote:
> > Hi,
> >
> > I wonder what gave you that impression.  My understanding of Sam's
> > take is (from the HOAKEY BoF and elsewhere going back to ISMS work
> > etc) that EAP applicability statement has something to say about the
> > use of keying material from EAP for things other than access
> > authentication.  (I'll also note that that discussion/debate continues).
> >
> > That aside, there is no objection to AAA-assisted keying from him.
> >
> > In addition to what I wrote earlier, I suggest to Vidya et al., to
> > describe desirable properties of the HMK, key length, lifetime, so
> > that any mechanism that bootstraps that key can take those properties
> > into consideration.
> >
> > best regards,
> > Lakshminath
> >
> > At 06:22 PM 3/25/2006, Yoshihiro Ohba wrote:
> > >As far as I understand, Sam's concern is not only on application
> > >keying using AMSK but also AAA-assisted application keying in general.
> > >So I am not sure if your suggested remedy really addresses the
> > >concern.  I'd suggest asking Sam's opinion before moving forward.
> > >
> > >Best regards,
> > >Yoshihiro Ohba
> > >
> > >On Sat, Mar 25, 2006 at 05:36:46PM -0800, Lakshminath Dondeti wrote:
> > >> Disclaimer: I work with one of the authors (Vidya) of the
> > >> handover-keys-aaa I-D, although I didn't contribute to the draft
> > >> in any way.
> > >>
> > >> I just read the parts of the I-D that seem to be contentious and note
> > >> that the reference to AMSKs is merely an example and the HMK can be
> > >> established through other means, say by preprovisioning.
> > >>
> > >> That said, I think it is best to remove Appendix A (I am not sure
> > >> about A.1, that probably should stay and be resolved later) as it
> > >> reproduces a key hierarchy and key derivation process that is still
> > >> under active discussion.
> > >>
> > >> regards,
> > >> Lakshminath
> > >>
> > >> At 04:25 PM 3/25/2006, Yoshihiro Ohba wrote:
> > >> >I have a reservation on draft-vidya-mipshop-handover-keys-aaa-01.txt.
> > >> >
> > >> >The draft describes a AAA-assisted key management protocol to generate
> > >> >handover keys for protecting signaling between MN and AR.  I am
> > >> >viewing the proposal as an application keying for FMIPv6 and possibly
> > >> >other protocols.  However, in the IETF65 hoakey BOF, Sam Hartman, a
> > >> >Security AD, raised concern on application keying.  As a consequence,
> > >> >the hoakey BOF chairs made a decision to exclude application keying
> > >> >from the BOF charter, expecting application keying to be discussed in
> > >> >a separate BOF.
> > >> >
> > >> >Thus, it might be wiser to hold this draft until there is a clear
> > >> >consensus on how to deal with application keying in the IETF.
> > >> >
> > >> >Best regards,
> > >> >Yoshihiro Ohba
> > >> >
> > >> >
> > >> >On Tue, Mar 21, 2006 at 11:49:36PM -0800, gabriel montenegro wrote:
> > >> >> Folks,
> > >> >>
> > >> >> In today's meeting we talked about 4 potential items up for
> > >> >> adoption as official working
> > >> >> groups. Talking with folks after the meeting, we've decided to
> > >> >> add two more to the list
> > >> >> of items we'll ask the WG whether we should adopt. This is the
> > >> >> follow-up email to today's
> > >> >> discussion, to make sure we ask this on the mailing list.
> > >> >>
> > >> >> So the question to the WG is: Should we adopt the following
> > >> >> documents as official WG
> > >> >> items (based on the individual drafts as noted below)?:
> > >> >>
> > >> >> 1. draft-ietf-mipshop-fmipv6-rev-XX.txt
> > >> >> based on draft-koodli-mipshop-rfc4068bis-00.txt
> > >> >>
> > >> >> 2. draft-ietf-mipshop-handover-keys-aaa-XX.txt
> > >> >> based on  draft-vidya-mipshop-handover-keys-aaa-01.txt
> > >> >>
> > >> >> 3. draft-ietf-mipshop-handover-key-send-XX.txt
> > >> >> based on draft-kempf-mobopts-handover-key-01.txt (currently expired)
> > >> >>
> > >> >> 4. draft-ietf-mipshop-fh80216e-XX.txt
> > >> >> based on draft-jang-mipshop-fh80216e-02.txt
> > >> >>
> > >> >> 5. draft-ietf-mipshop-3gfh-XX.txt
> > >> >> based on draft-yokota-mipshop-3gfh-02.txt
> > >> >>
> > >> >> 6. draft-ietf-mipshop-cga-cba-XX.txt
> > >> >> based on draft-arkko-mipshop-cga-cba-03.txt
> > >> >>
> > >> >> Please send comments one way or another through April 4, 2006.
> > >> >>
> > >> >> Thanks,
> > >> >>
> > >> >> chairs
> > >> >>
> > >> >>
> > >> >> _______________________________________________
> > >> >> Mipshop mailing list
> > >> >> Mipshop@ietf.org
> > >> >> https://www1.ietf.org/mailman/listinfo/mipshop

