Re: [Nea] Consensus check on EAP-based PT

Joe Salowey <jsalowey@cisco.com> Wed, 03 August 2011 20:57 UTC

I prefer the TLV based approach. The EAP based approach creates an anomalous EAP method whose behavior must be accommodated for in EAP and AAA implementations as a special case. While much of the complexity can be hidden within a tunnel method, the tunnel method itself will need to deal with the oddities resulting from trying to fit a method whose goal is not authentication into an authentication framework. In addition, it seems there is an intention to expose PT-EAP outside the tunnel method, which exposes the special case treatment outside of the tunnel method. The fact that implementations have worked around some of these issues does not justify creating a standard around these exceptions to the architecture.

If we do go down the path of PT-EAP then the exceptions to the EAP framework need to be documented, the method should only be allowed within a tunnel method and I think there should be a recommendation against creating more special case EAP methods for other purposes. The latter should also be part of the EAP applicability statement update.

Cheers,

Joe

On Aug 2, 2011, at 2:04 PM, Susan Thomson (sethomso) wrote:

> At IETF81 and several prior IETF meetings, as well as on the mailing
> list, the WG has evaluated the pros and cons of 2 architectural
> approaches to carrying posture within an EAP tunnel method: 
> 
> - EAP method 
> http://www.ietf.org/internet-drafts/draft-hanna-nea-pt-eap-01.txt
> 
> - EAP TLV.
> http://www.ietf.org/internet-drafts/draft-cam-winget-eap-tlv-03.txt
> 
> So far, there has been no WG consensus to adopt one architecture versus
> the other. (At the recent F2F meeting in Quebec City, the consensus
> check at the meeting showed an equal number in favor of each approach.)
> 
> This email is a final call to determine WG consensus on the L2 PT
> approach. 
> 
> The consensus check is to choose one of the following 3 options:
> 1) PT-EAP approach
> 2) NEA-TLV approach
> 3) Neither (please state the reason if you choose this option)
> 
> Please respond to the above question by Tues Aug 16 at 5pm PT. Please do
> so even if you have already expressed your opinion, either at a WG
> meeting or on the mailing list. The answer can be as brief as selecting
> option 1), 2) or 3). If you would like to add your reasons for your
> choice, that would be appreciated too, especially if you choose option
> 3).
> 
> If we have consensus on the mailing list, we will adopt the selected
> approach.
> 
> If we still do not have consensus, the WG chairs and AD (Stephen
> Farrell) have agreed that the AD will make a decision. The proponents of
> both approaches have agreed to abide by this decision. This resolution
> plan was discussed at the F2F meeting at IETF81. This plan was also
> communicated to the list in an email on Jun 30, 2011. No objections have
> been received.
> 
> In either case, the individual submission corresponding to the selected
> approach will be adopted as a -00 NEA WG I-D, and we will proceed with
> the normal process of editing the document within the WG.
> 
> Thanks
> Susan
> 
> ------------------
> References:
> IETF81 audio session (start at approx 44 mins into session): 
> http://www.ietf.org/audio/ietf81/ietf81-2103-20110727-1256-pm.mp3
> 
> IETF81 draft meeting minutes:
> http://tools.ietf.org/wg/nea/minutes