Re: [Pana] IESG discussions on draft-ohba-pana-relay

Yoshihiro Ohba <yoshihiro.ohba@toshiba.co.jp> Thu, 23 June 2011 22:44 UTC

Date: Fri, 24 Jun 2011 07:44:17 +0900
From: Yoshihiro Ohba <yoshihiro.ohba@toshiba.co.jp>
In-reply-to: <4E0381D0.9090605@gridmerge.com>
To: robert.cragie@gridmerge.com
Message-id: <4E03C1C1.3060701@toshiba.co.jp>
MIME-version: 1.0
Content-type: text/plain; charset=ISO-2022-JP
Content-transfer-encoding: 7bit
References: <4DF04217.3080304@toshiba.co.jp> <6491375641982933760@unknownmsgid> <BANLkTinVZ2Bvd6A+znQTiB7X-P6XXh3Cow@mail.gmail.com> <4E037743.2060602@gridmerge.com> <4E037A9D.8080200@piuha.net> <16D60F43CA0B724F8052D7E9323565D71E66160BE8@EUSAACMS0715.eamcs.ericsson.se> <4E0381D0.9090605@gridmerge.com>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; ja; rv:1.9.2.18) Gecko/20110616 Thunderbird/3.1.11
Cc: "draft-ohba-pana-relay@tools.ietf.org" <draft-ohba-pana-relay@tools.ietf.org>, Samita Chakrabarti <samita.chakrabarti@ericsson.com>, Stephen Farrell <stephen.farrell@cs.tcd.ie>, "pana@ietf.org" <pana@ietf.org>
Subject: Re: [Pana] IESG discussions on draft-ohba-pana-relay
X-BeenThere: pana@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Protocol for carrying Authentication for Network Access <pana.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pana>, <mailto:pana-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/pana>
List-Post: <mailto:pana@ietf.org>
List-Help: <mailto:pana-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pana>, <mailto:pana-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Jun 2011 22:44:47 -0000

+1.

Yoshihiro Ohba

(2011/06/24 3:11), Robert Cragie wrote:
> I have no objection to either the text below or what was agreed with 
> Stephen earlier. On balance, I think the text below is preferable.
> 
> Robert
> 
> On 23/06/2011 6:47 PM, Samita Chakrabarti wrote:
>> As a co-author of the document, I am fine with the suggested text 
>> below.
>>
>> -Samita
>>
>> -----Original Message-----
>> From: Jari Arkko [mailto:jari.arkko@piuha.net]
>> Sent: Thursday, June 23, 2011 10:41 AM
>> To: Yoshihiro Ohba; pana@ietf.org
>> Cc: Stephen Farrell; draft-ohba-pana-relay@tools.ietf.org
>> Subject: IESG discussions on draft-ohba-pana-relay
>>
>> We discussed this draft today. The remaining Discuss was about how 
>> mandatory we should make IPsec. You had discussed a SHOULD 
>> with Stephen. I suggested that while interoperability is useful and 
>> mandatory-to-implement mechanisms are good for it, we also have to 
>> talk about how much value we bring with a security mechanism. In 
>> this case there are some issues like MITMs able to block PANA 
>> packets. However, some of these vulnerabilities are not helped by 
>> relay-PAA security, as the relay can still do bad things, and 
>> because ARP/ND vulnerabilities between the client and relay in any 
>> case make it possible to become a MITM. Stephen had some suggested 
>> text that I agree with:
>>
>> "PRE/PAA security is OPTIONAL since PANA messages are designed to be 
>> used in untrusted networks, but if cryptographic mechanism is 
>> supported, it SHOULD be IPsec."
>>
>> Jari
>>
>>
>