Re: [Pana] I-D Action: draft-yegin-pana-unspecified-addr-05.txt
Alper Yegin <alper.yegin@yegin.org> Fri, 10 February 2012 06:34 UTC
Return-Path: <alper.yegin@yegin.org>
X-Original-To: pana@ietfa.amsl.com
Delivered-To: pana@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CDBA911E8088 for <pana@ietfa.amsl.com>; Thu, 9 Feb 2012 22:34:14 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.366
X-Spam-Level:
X-Spam-Status: No, score=-102.366 tagged_above=-999 required=5 tests=[AWL=0.233, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SGDx83j2XWNu for <pana@ietfa.amsl.com>; Thu, 9 Feb 2012 22:34:14 -0800 (PST)
Received: from mout.perfora.net (mout.perfora.net [74.208.4.194]) by ietfa.amsl.com (Postfix) with ESMTP id D4F4511E8075 for <pana@ietf.org>; Thu, 9 Feb 2012 22:34:13 -0800 (PST)
Received: from [192.168.2.3] (88.247.135.202.static.ttnet.com.tr [88.247.135.202]) by mrelay.perfora.net (node=mrus4) with ESMTP (Nemesis) id 0ML6iX-1Rw1Am0ZA9-000urr; Fri, 10 Feb 2012 01:34:12 -0500
Mime-Version: 1.0 (Apple Message framework v1257)
Content-Type: text/plain; charset="us-ascii"
From: Alper Yegin <alper.yegin@yegin.org>
In-Reply-To: <4F340FE0.2090308@toshiba.co.jp>
Date: Fri, 10 Feb 2012 08:34:08 +0200
Content-Transfer-Encoding: quoted-printable
Message-Id: <60E5034E-55F4-473C-801E-F9174771C7C7@yegin.org>
References: <20111216133844.32034.20748.idtracker@ietfa.amsl.com> <35748338-4BE5-40AD-96C4-EAE501162372@yegin.org> <DB9259A8-E3E1-4A92-805D-1C8A21D03D44@um.es> <4025A151-3A1E-431F-8DB9-798EE717E2FA@yegin.org> <B0A66B63-E291-4704-9BE4-1B4345BC475C@um.es> <4F335D45.7040404@isl.rdc.toshiba.co.jp> <3882200C-6C19-4775-9BFA-E3ADC9CC2829@yegin.org> <4F33B1F5.2010607@isl.rdc.toshiba.co.jp> <2A30F62A-241D-4261-8BFD-572F6714A52A@yegin.org> <4F340FE0.2090308@toshiba.co.jp>
To: Yoshihiro Ohba <yoshihiro.ohba@toshiba.co.jp>
X-Mailer: Apple Mail (2.1257)
X-Provags-ID: V02:K0:g5oxYtk8vxLIgsJF6WaKAObPPQRiM8C3yB9qRas1tRh Pfnfpgh66BK3DWJbCM1Ehox3U4mbekxph3X8sNUPIlTScTGNBy bKtY2XOyE1Q2vPYDCDOx7kpUNGlBA4OuEBy1jBRId8ZZoHhTb8 anDlrrVZ0t6+e7Us533zHTcFyvGJp1ZwhzVfED44nU6v3aFFkY 660QbP0sVo1zTbEYrdCeYBYtjUZ0Oge3Kt2IICbbJNV5U8xRdm EylbF1qc/dhuafMmSWLdhdMiRrU69FLLAC0V8pCeJuAh3X+v3N 7ROFPCWnyKDdwDwrNTYHu+44w4YWbBqKIg9vmNrRK10YrzJl9R 4lpZ2L0oJr8wa/sqAd02os55NmbJMYmsIm0JhPKUSFWvQEC7Rz Vs17PRTqZ0+FQ==
Cc: pana@ietf.org
Subject: Re: [Pana] I-D Action: draft-yegin-pana-unspecified-addr-05.txt
X-BeenThere: pana@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Protocol for carrying Authentication for Network Access <pana.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pana>, <mailto:pana-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/pana>
List-Post: <mailto:pana@ietf.org>
List-Help: <mailto:pana-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pana>, <mailto:pana-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 10 Feb 2012 06:34:14 -0000
>> Right. >> >> Nevertheless, the max message would be reached with the EAP-carrying PAR messages, like you say. >> >> Even though there is not limit on the number of *-Algorithms, it'd be a reasonable number not to cause the message going beyond an EAP-carrying PAR message in size. >> > > > In that logic, the max message would be a PAR in re-authentication > phase where an EAP-Paylaod AVP carrying an EAP method and additionally > an AUTH AVP. > I think you are right. Alper > Yoshihiro Ohba > >> Alper >> >> >> >>> [Figure 4, RFC 5191] >>> The table uses the following symbols: >>> >>> 0 The AVP MUST NOT be present in the message. >>> >>> 0-1 Zero or one instance of the AVP MAY be present in the message. >>> It is considered an error if there is more than one instance of >>> the AVP. >>> >>> 1 One instance of the AVP MUST be present in the message. >>> >>> 0+ Zero or more instances of the AVP MAY be present in the >>> message. >>> >>> +---------------------------+ >>> | Message Type | >>> +---+---+---+---+---+---+---+ >>> Attribute Name |PCI|PAR|PAN|PTR|PTA|PNR|PNA| >>> ----------------------+---+---+---+---+---+---+---+ >>> AUTH | 0 |0-1|0-1|0-1|0-1|0-1|0-1| >>> EAP-Payload | 0 |0-1|0-1| 0 | 0 | 0 | 0 | >>> Integrity-Algorithm | 0 |0+ |0-1| 0 | 0 | 0 | 0 | >>> Key-Id | 0 |0-1|0-1| 0 | 0 | 0 | 0 | >>> Nonce | 0 |0-1|0-1| 0 | 0 | 0 | 0 | >>> PRF-Algorithm | 0 |0+ |0-1| 0 | 0 | 0 | 0 | >>> Result-Code | 0 |0-1| 0 | 0 | 0 | 0 | 0 | >>> Session-Lifetime | 0 |0-1| 0 | 0 | 0 | 0 | 0 | >>> Termination-Cause | 0 | 0 | 0 | 1 | 0 | 0 | 0 | >>> ----------------------+---+---+---+---+---+---+---+ >>> >>> Figure 4: AVP Occurrence Table >>> >>> Best, >>> Yasuyuki Tanaka >>> >>> (2012/02/09 18:11), Alper Yegin wrote: >>>> Hello, >>>> >>>> Thank you for the review and feedback. >>>> >>>> On Feb 9, 2012, at 7:44 AM, Yasuyuki Tanaka wrote: >>>> >>>>> Hi all, >>>>> >>>>> I have four comments about the draft. I put them at the bottom of >>>>> this mail. Please see them. >>>>> >>>>> Best, >>>>> Yasuyuki Tanaka >>>>> >>>>> --------------------------------------------------------------------- >>>>> >>>>> (1) Page 4, Paragraph 1 >>>>> It would be helpful to add text about the source port number and the >>>>> destination port number of the PCI as below. >>>>> >>>>> [edited] >>>>> Step 1: The PaC initiates PANA by sending a broadcasted PCI carrying >>>>> a Token AVP that contains a random value generated by the PaC. >>>>> >>>>> ! The source IPv4 address of the PCI is set to 0.0.0.0. The source >>>>> ! port number is chosen by the PaC. The destination IPv4 address is >>>>> ! set to 255.255.255.255. The destination port number is the PANA port >>>>> ! number (716). >>>>> >>>>> [original] >>>>> Step 1: The PaC initiates PANA by sending a broadcasted PCI carrying >>>>> a Token AVP that contains a random value generated by the PaC. >>>>> >>>>> The source IPv4 address of the PCI is set to 0.0.0.0. The >>>>> destination IPv4 address is set to 255.255.255.255. >>>>> >>>> >>>> >>>> OK. >>>> >>>>> --------------------------------------------------------------------- >>>>> >>>>> (2) Figure 1, Page 4 >>>>> >>>>> If the PAA want to initiate re-authentication, PAA have to know PaC's >>>>> IPv4 address which is configured by DHCP. >>>>> >>>>> It would be better that Figure 1 has messages related to "PaC Updating >>>>> Its IP Address" described in Section 5.6, RFC 5191. >>>>> >>>>> [Section 5.6. in RFC 5191] >>>>> After the PaC has changed its IP address used for PANA, it MUST send >>>>> any valid PANA message. If the message that carries the new PaC IP >>>>> address in the Source Address field of the IP header is valid, the >>>>> PAA MUST update the PANA session with the new PaC address. If there >>>>> is an established PANA SA, the message MUST be protected with an >>>>> AUTH AVP. >>>> >>>> >>>> Let us consider that. >>>> >>>>> --------------------------------------------------------------------- >>>>> >>>>> (3) Page 6, Paragraph 3 >>>>> >>>>> I have no idea which PAR should have 'I' bit. Every PAR sent by >>>>> PAA should have 'I' bit? Or, only a PAR with 'C' bit should have >>>>> 'I' bit? (I think the latter is preferable.) >>>>> >>>>> I've referred to RFC 5191, but I've not found the answer. >>>>> >>>> >>>> I think this is an ambiguity with the RFC 5191. PAR with 'C' bit makes sense. >>>> >>>> >>>>> [original] >>>>> The PAA SHALL set the 'I' (IP Reconfiguration) bit of PAR messages >>>>> in authentication and authorization phase so that the PaC proceeds >>>>> to IP address configuration. >>>>> >>>>> --------------------------------------------------------------------- >>>>> >>>>> (4) Page 6, Paragraph 7 >>>>> I don't think that the description about the size of the largest PANA >>>>> is correct. This is because the initial PAR could have multiple >>>>> Integrity-Algorithm AVPs and PRF-Algorithm AVPs. This specification is >>>>> described in Section 4.1, RFC 5191. >>>>> >>>>> [Section 4.1. in RFC 5191] >>>>> the PAA sends the initial PANA-Auth-Request carrying one or more >>>>> PRF-Algorithm AVPs and one or more Integrity-Algorithm AVPs for the >>>>> PRF and integrity algorithms supported by it, respectively. >>>>> >>>>> In my understanding, it is sufficient to consider a PANA Message which >>>>> has only one EAP-Payload AVP for "Message Size Considerations". In >>>>> other words, the minimum PANA MTU size is equivalent to the size of a >>>>> PANA message which has only one EAP-Payload AVP. >>>>> >>>> >>>> >>>> We are trying to find the the size of the largest PANA message. >>>> The largest PANA message is possibly not the very first PAR from the PAA (unlike the current draft states). >>>> Such a PAR can be carrying a EAP-Request/Identity, hence not really be caring a minimum EAP MTU size. >>>> A subsequent PAR can be carrying that (and it'd not have the Integrity-Algorithm, PRF-Algorithm, and Token AVPs). >>>> >>>> Are you using the same reasoning for your above suggestion? >>>> >>>> Alper >>>> >>>> >>>> >>>>> --------------------------------------------------------------------- >>>>> >>>>> >>>>> _______________________________________________ >>>>> Pana mailing list >>>>> Pana@ietf.org >>>>> https://www.ietf.org/mailman/listinfo/pana >>>> >>> >> >> _______________________________________________ >> Pana mailing list >> Pana@ietf.org >> https://www.ietf.org/mailman/listinfo/pana >> > > _______________________________________________ > Pana mailing list > Pana@ietf.org > https://www.ietf.org/mailman/listinfo/pana
- [Pana] Fwd: I-D Action: draft-yegin-pana-unspecif… Alper Yegin
- Re: [Pana] I-D Action: draft-yegin-pana-unspecifi… Rafa Marin Lopez
- Re: [Pana] I-D Action: draft-yegin-pana-unspecifi… Alper Yegin
- Re: [Pana] I-D Action: draft-yegin-pana-unspecifi… Rafa Marin Lopez
- Re: [Pana] I-D Action: draft-yegin-pana-unspecifi… Yasuyuki Tanaka
- Re: [Pana] I-D Action: draft-yegin-pana-unspecifi… Alper Yegin
- Re: [Pana] I-D Action: draft-yegin-pana-unspecifi… Yasuyuki Tanaka
- Re: [Pana] I-D Action: draft-yegin-pana-unspecifi… Alper Yegin
- Re: [Pana] I-D Action: draft-yegin-pana-unspecifi… Yoshihiro Ohba
- Re: [Pana] I-D Action: draft-yegin-pana-unspecifi… Alper Yegin
- Re: [Pana] I-D Action: draft-yegin-pana-unspecifi… Yoshihiro Ohba
- [Pana] Fwd: Re: I-D Action: draft-yegin-pana-unsp… Yoshihiro Ohba
- Re: [Pana] Fwd: Re: I-D Action: draft-yegin-pana-… Yoshihiro Ohba
- Re: [Pana] I-D Action: draft-yegin-pana-unspecifi… Alper Yegin