RE: [netlmm] Issue: Auth Option support

"Sri Gundavelli" <sgundave@cisco.com> Wed, 08 August 2007 01:29 UTC

Return-path: <netlmm-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1IIaMa-0003Zw-EI; Tue, 07 Aug 2007 21:29:28 -0400
Received: from [10.90.34.44] (helo=chiedprmail1.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1IIaMZ-0003Zi-4j for netlmm@ietf.org; Tue, 07 Aug 2007 21:29:27 -0400
Received: from sj-iport-6.cisco.com ([171.71.176.117]) by chiedprmail1.ietf.org with esmtp (Exim 4.43) id 1IIaMY-0007PE-NY for netlmm@ietf.org; Tue, 07 Aug 2007 21:29:27 -0400
Received: from sj-dkim-4.cisco.com ([171.71.179.196]) by sj-iport-6.cisco.com with ESMTP; 07 Aug 2007 18:29:26 -0700
X-IronPort-AV: i="4.19,233,1183359600"; d="scan'208"; a="196122939:sNHT47628180"
Received: from sj-core-5.cisco.com (sj-core-5.cisco.com [171.71.177.238]) by sj-dkim-4.cisco.com (8.12.11/8.12.11) with ESMTP id l781TQmW004545; Tue, 7 Aug 2007 18:29:26 -0700
Received: from xbh-sjc-231.amer.cisco.com (xbh-sjc-231.cisco.com [128.107.191.100]) by sj-core-5.cisco.com (8.12.10/8.12.6) with ESMTP id l781TQiF020617; Wed, 8 Aug 2007 01:29:26 GMT
Received: from xfe-sjc-211.amer.cisco.com ([171.70.151.174]) by xbh-sjc-231.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.1830); Tue, 7 Aug 2007 18:29:26 -0700
Received: from sgundavewxp ([10.21.66.200]) by xfe-sjc-211.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.1830); Tue, 7 Aug 2007 18:29:25 -0700
From: Sri Gundavelli <sgundave@cisco.com>
To: 'Alper Yegin' <alper.yegin@yegin.org>, netlmm@ietf.org
References: <Pine.GSO.4.63.0708070000100.13701@irp-view13.cisco.com> <0MKp8S-1IIKcu1WNe-0005rE@mrelay.perfora.net>
Subject: RE: [netlmm] Issue: Auth Option support
Date: Tue, 07 Aug 2007 18:29:22 -0700
Message-ID: <01d301c7d95b$8e18a6a0$c842150a@amer.cisco.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook 11
In-Reply-To: <0MKp8S-1IIKcu1WNe-0005rE@mrelay.perfora.net>
X-Mimeole: Produced By Microsoft MimeOLE V6.00.2900.3138
Thread-Index: AcfYwQ6voKS1c0EASayvJIq8ADkrlQADOAAgACMxseA=
X-OriginalArrivalTime: 08 Aug 2007 01:29:25.0451 (UTC) FILETIME=[8E3619B0:01C7D95B]
DKIM-Signature: v=0.5; a=rsa-sha256; q=dns/txt; l=1687; t=1186536566; x=1187400566; c=relaxed/simple; s=sjdkim4002; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=sgundave@cisco.com; z=From:=20=22Sri=20Gundavelli=22=20<sgundave@cisco.com> |Subject:=20RE=3A=20[netlmm]=20Issue=3A=20Auth=20Option=20support |Sender:=20; bh=bephZHMzTtFYBMc1sExt+zRN6DFNbVtUG9N45sdMhnY=; b=BHbiYQOLXJbOCJ9G20VrRYXf+loq13SNMnZPR6FSQLL5qYVjR63AcdPXerILAmfPqXvYiUpW AmgRbZl24zMw3r1RFZGlNVUCWE2MgPhMCJI1Fnc6JKel9uOAoOW7T0ux;
Authentication-Results: sj-dkim-4; header.From=sgundave@cisco.com; dkim=pass ( sig from cisco.com/sjdkim4002 verified; );
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 4d87d2aa806f79fed918a62e834505ca
Cc:
X-BeenThere: netlmm@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: NETLMM working group discussion list <netlmm.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/netlmm>, <mailto:netlmm-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/netlmm>
List-Post: <mailto:netlmm@ietf.org>
List-Help: <mailto:netlmm-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/netlmm>, <mailto:netlmm-request@ietf.org?subject=subscribe>
Errors-To: netlmm-bounces@ietf.org

Hi Alper,
 

> -----Original Message-----
> From: Alper Yegin [mailto:alper.yegin@yegin.org] 
> Sent: Tuesday, August 07, 2007 1:41 AM
> To: 'Sri Gundavelli'; netlmm@ietf.org
> Subject: RE: [netlmm] Issue: Auth Option support
> 
> > The issue was related to the use of MUST clause in specifying
> > the IPSec requirement for Proxy Mobile IPv6 protocol. Alper
> > was suggesting that we relax that requirement and potentially
> > leave a room for Auth Option support in future.
> 
> Actually, I didn't mean it specifically for Auth Option. It 
> can be anything.
> Given that the security is handled by a separate protocol, 
> why lock it down
> to "IPsec", when some other protocol (Auth Option being one 
> example) cannot
> be used.
> 
> > But, as most people agreed and as supported by Jari, this can
> 
> My understanding was the opposite, especially about Jari's statement.
> 

Ok. May be I misread the conclusion. I will let other clarify the
summary of the discussion on this topic in chicago. 


> > always be changed in future when the support for new security
> > mechanisms such as Auth Option are defined for Proxy Mobile IPv6
> > and that specific document can always modify this requirement.
> > So, no changes will be made to the document on this issue.
> 
> What if Auth Option is good enough as written?
> What if a document in another SDO defines the alternative security
> mechanism?
> 
> For the type of interop we are seeking in IETF, "MUST 
> implement" is good
> enough. "MUST use" is not necessary.
> 

Ok. I'm fine either way. I will let others clarify the consensus
and we will document the same.


Thanks
Sri


_______________________________________________
netlmm mailing list
netlmm@ietf.org
https://www1.ietf.org/mailman/listinfo/netlmm