Re: [Pana] IESG discussions on draft-ohba-pana-relay
"Alper Yegin" <alper.yegin@yegin.org> Fri, 24 June 2011 09:29 UTC
Return-Path: <alper.yegin@yegin.org>
X-Original-To: pana@ietfa.amsl.com
Delivered-To: pana@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EE5EE21F854C for <pana@ietfa.amsl.com>; Fri, 24 Jun 2011 02:29:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.15
X-Spam-Level:
X-Spam-Status: No, score=-101.15 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, MSGID_MULTIPLE_AT=1.449, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7wyysWIEJyC4 for <pana@ietfa.amsl.com>; Fri, 24 Jun 2011 02:29:13 -0700 (PDT)
Received: from mout.perfora.net (mout.perfora.net [74.208.4.194]) by ietfa.amsl.com (Postfix) with ESMTP id 7C07221F854A for <pana@ietf.org>; Fri, 24 Jun 2011 02:29:13 -0700 (PDT)
Received: from ibm (dsl88-247-34762.ttnet.net.tr [88.247.135.202]) by mrelay.perfora.net (node=mrus1) with ESMTP (Nemesis) id 0MPF2u-1QeQPM3aEq-004oeq; Fri, 24 Jun 2011 05:29:08 -0400
From: Alper Yegin <alper.yegin@yegin.org>
To: 'Carsten Bormann' <cabo@tzi.org>
References: <4DF04217.3080304@toshiba.co.jp> <6491375641982933760@unknownmsgid> <BANLkTinVZ2Bvd6A+znQTiB7X-P6XXh3Cow@mail.gmail.com> <4E037743.2060602@gridmerge.com> <4E037A9D.8080200@piuha.net> <021a01cc3246$0b890390$229b0ab0$@yegin@yegin.org> <E42296DA-CE9A-408C-AF9C-D2F5A3AD3AFE@tzi.org>
In-Reply-To: <E42296DA-CE9A-408C-AF9C-D2F5A3AD3AFE@tzi.org>
Date: Fri, 24 Jun 2011 12:28:48 +0300
Message-ID: <027601cc3251$25ba06f0$712e14d0$@yegin>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook 12.0
Thread-Index: AcwyTC69x8mAZjI7RC+CPJltAZf4OAABFcgQ
Content-Language: en-us
X-Provags-ID: V02:K0:IpDFK+FvcbHZK+rwsPIjRywlHCnZXTd03MapoL0pbAn CnTMvV4HuIafYwAYPWCl4zDy35j0fyMg2OFFRs/w6rC9GVwZbh eg6WWT0wxi4jJ6YFiMOHZTbgAXWzNf7y6yzh/2hImEhgjILTCf mbr1YprP97PYTy8TVMyJr78knzGTvt60Wo6pzAh20SOa1pvKjQ R/fRRAJ1hriUxSIJ0M4Gim8EGnVWF8eoIkoxUWUhB0=
Cc: draft-ohba-pana-relay@tools.ietf.org, 'Stephen Farrell' <stephen.farrell@cs.tcd.ie>, pana@ietf.org
Subject: Re: [Pana] IESG discussions on draft-ohba-pana-relay
X-BeenThere: pana@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Protocol for carrying Authentication for Network Access <pana.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pana>, <mailto:pana-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/pana>
List-Post: <mailto:pana@ietf.org>
List-Help: <mailto:pana-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pana>, <mailto:pana-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 24 Jun 2011 09:29:14 -0000
Carsten, Section 6. Security Considerations talks about the threats, some of which are already handled by the base EAP/PANA design. Other threats that are relevant to introduction of the PRE, they are described and the PRE-PAA security is pointed accordingly. Alper > -----Original Message----- > From: Carsten Bormann [mailto:cabo@tzi.org] > Sent: Friday, June 24, 2011 11:52 AM > To: Alper Yegin > Cc: 'Jari Arkko'; 'Yoshihiro Ohba'; pana@ietf.org; draft-ohba-pana- > relay@tools.ietf.org; 'Stephen Farrell' > Subject: Re: [Pana] IESG discussions on draft-ohba-pana-relay > > On Jun 24, 2011, at 10:09, Alper Yegin wrote: > > > PRE/PAA security is OPTIONAL since PANA messages are designed to be > > used in untrusted networks, but if cryptographic mechanism is > > supported, it SHOULD be IPsec. When the device characteristics > preclude > > support for IPsec, an alternative mechanism such as DTLS [REF], or > > link-layer cryptographic security, etc. may be used instead. This > section > > describes how IPsec [RFC4301] can be used for securing the PANA relay > > messages. > > It would be useful to be very explicit what the objectives for this > "PRE/PAA security" might be. > Section 6 seems to suggest there is no real need for this at all (but > then nebulously talks about "residual risks"). > So, unless we say what this is good for, it is hard to assess whether > the "PRE/PAA security" is actually meeting those objectives. > (E.g., if the purpose is DoS mitigation, a security scheme that is as > susceptible to DoS attacks as the PAA itself, isn't that useful.) > > Gruesse, Carsten
- [Pana] Fwd: [IANA #454490] Last Call: <draft-ohba… Yoshihiro Ohba
- Re: [Pana] Fwd: [IANA #454490] Last Call: <draft-… Alper Yegin
- Re: [Pana] Fwd: [IANA #454490] Last Call: <draft-… Yoshihiro Ohba
- Re: [Pana] Fwd: [IANA #454490] Last Call: <draft-… Ralph Droms
- Re: [Pana] Fwd: [IANA #454490] Last Call: <draft-… Yoshihiro Ohba
- [Pana] IESG discussions on draft-ohba-pana-relay Jari Arkko
- Re: [Pana] IESG discussions on draft-ohba-pana-re… Yoshihiro Ohba
- Re: [Pana] Fwd: [IANA #454490] Last Call: <draft-… Yoshihiro Ohba
- Re: [Pana] IESG discussions on draft-ohba-pana-re… Glen Zorn
- Re: [Pana] Fwd: [IANA #454490] Last Call: <draft-… Alper Yegin
- Re: [Pana] IESG discussions on draft-ohba-pana-re… Alper Yegin
- Re: [Pana] IESG discussions on draft-ohba-pana-re… Alper Yegin
- Re: [Pana] IESG discussions on draft-ohba-pana-re… Jari Arkko
- Re: [Pana] IESG discussions on draft-ohba-pana-re… Jari Arkko