Re: [Pana] I-D Action: draft-yegin-pana-unspecified-addr-05.txt

Yasuyuki Tanaka <yatch@isl.rdc.toshiba.co.jp> Thu, 09 February 2012 05:44 UTC

Hi all,

I have four comments about the draft. I put them at the bottom of
this mail. Please see them.

Best,
Yasuyuki Tanaka

---------------------------------------------------------------------

(1) Page 4, Paragraph 1
It would be helpful to add text about the source port number and the
destination port number of the PCI as below.

[edited]
   Step 1: The PaC initiates PANA by sending a broadcasted PCI carrying
   a Token AVP that contains a random value generated by the PaC.

! The source IPv4 address of the PCI is set to 0.0.0.0. The source
! port number is chosen by the PaC. The destination IPv4 address is
! set to 255.255.255.255. The destination port number is the PANA port
! number (716).

[original]
   Step 1: The PaC initiates PANA by sending a broadcasted PCI carrying
   a Token AVP that contains a random value generated by the PaC.

   The source IPv4 address of the PCI is set to 0.0.0.0.  The
   destination IPv4 address is set to 255.255.255.255.

---------------------------------------------------------------------

(2) Figure 1, Page 4

If the PAA wants to initiate re-authentication, the PAA has to know the
PaC's IPv4 address, which is configured by DHCP.

It would be better if Figure 1 had messages related to "PaC Updating
Its IP Address" described in Section 5.6, RFC 5191.

[Section 5.6. in RFC 5191]
   After the PaC has changed its IP address used for PANA, it MUST send
   any valid PANA message.  If the message that carries the new PaC IP
   address in the Source Address field of the IP header is valid, the
   PAA MUST update the PANA session with the new PaC address.  If there
   is an established PANA SA, the message MUST be protected with an
   AUTH AVP.
---------------------------------------------------------------------

(3) Page 6, Paragraph 3

I have no idea which PAR should have the 'I' bit. Should every PAR sent
by the PAA have the 'I' bit? Or should only a PAR with the 'C' bit have
the 'I' bit? (I think the latter is preferable.)

I've referred to RFC 5191, but I've not found the answer.

[original]
   The PAA SHALL set the 'I' (IP Reconfiguration) bit of PAR messages
   in authentication and authorization phase so that the PaC proceeds
   to IP address configuration.

---------------------------------------------------------------------

(4) Page 6, Paragraph 7
I don't think that the description about the size of the largest PANA
is correct. This is because the initial PAR could have multiple
Integrity-Algorithm AVPs and PRF-Algorithm AVPs. This specification is
described in Section 4.1, RFC 5191.

[Section 4.1. in RFC 5191]
    the PAA sends the initial PANA-Auth-Request carrying one or more
    PRF-Algorithm AVPs and one or more Integrity-Algorithm AVPs for the
    PRF and integrity algorithms supported by it, respectively.

In my understanding, it is sufficient to consider a PANA Message which
has only one EAP-Payload AVP for "Message Size Considerations". In
other words, the minimum PANA MTU size is equivalent to the size of a
PANA message which has only one EAP-Payload AVP.

---------------------------------------------------------------------
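
The size argument in comment (4), worked through as an added example that is not part of the original mail or of the draft: it encodes PANA messages with the RFC 5191 layout (16-octet header, 8-octet AVP header, values padded to 32 bits) and compares an initial PAR carrying several algorithm AVPs with a PAR carrying a single EAP-Payload AVP. The algorithm identifiers, session identifier, sequence numbers and EAP packet are constructed sample values.

```python
import struct

# RFC 5191 values: message type, header flags, AVP codes.
MSG_PAR = 2                        # PANA-Auth-Request / PANA-Auth-Answer
FLAG_R, FLAG_S = 0x8000, 0x4000    # 'R' (Request) and 'S' (Start) bits
AVP_EAP_PAYLOAD, AVP_INTEGRITY_ALG, AVP_PRF_ALG = 2, 3, 6
PANA_HEADER_LEN = 16

def avp(code, value):
    """Encode one non-vendor AVP: Code, Flags, Length, Reserved, Value, padding.
    AVP Length counts only the Value octets; padding is not counted."""
    pad = -len(value) % 4
    return struct.pack("!HHHH", code, 0, len(value), 0) + value + b"\x00" * pad

def pana_message(msg_type, flags, session_id, seq, avps):
    """Encode a PANA message; Message Length covers the header and all AVPs."""
    body = b"".join(avps)
    header = struct.pack("!HHHHII", 0, PANA_HEADER_LEN + len(body),
                         flags, msg_type, session_id, seq)
    return header + body

def message_length(msg):
    """Read the Message Length field back out of an encoded message."""
    return struct.unpack("!H", msg[2:4])[0]

def initial_par(prf_ids, integ_ids, session_id=0x1234, seq=1):
    """Initial PAR ('S' bit set): one AVP per algorithm the PAA supports."""
    avps = [avp(AVP_PRF_ALG, struct.pack("!I", a)) for a in prf_ids]
    avps += [avp(AVP_INTEGRITY_ALG, struct.pack("!I", a)) for a in integ_ids]
    return pana_message(MSG_PAR, FLAG_R | FLAG_S, session_id, seq, avps)

def eap_par(eap_packet, session_id=0x1234, seq=2):
    """PAR carrying exactly one EAP-Payload AVP."""
    return pana_message(MSG_PAR, FLAG_R, session_id, seq,
                        [avp(AVP_EAP_PAYLOAD, eap_packet)])

if __name__ == "__main__":
    # Constructed inputs: algorithm ID lists and a 5-octet EAP-Request/Identity.
    eap_identity_request = bytes([1, 1, 0, 5, 1])
    print("initial PAR, 1 PRF + 1 integrity:", len(initial_par([2], [7])))
    print("initial PAR, 3 PRF + 3 integrity:",
          len(initial_par([2, 4, 5], [2, 7, 12])))
    print("PAR with one EAP-Payload AVP:   ", len(eap_par(eap_identity_request)))
```

Each additional algorithm AVP adds 12 octets to the initial PAR, while the PAR with one EAP-Payload AVP costs a fixed 24 octets of PANA overhead plus the padded EAP packet.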