IETF Logo Mail Archive

Re: [paws] need for DB initialization message

"Rosen, Brian" <Brian.Rosen@neustar.biz> Fri, 10 August 2012 00:14 UTC

Return-Path: <brian.rosen@neustar.biz>
X-Original-To: paws@ietfa.amsl.com
Delivered-To: paws@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8D4CC11E8099 for <paws@ietfa.amsl.com>; Thu, 9 Aug 2012 17:14:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.351
X-Spam-Level:
X-Spam-Status: No, score=-6.351 tagged_above=-999 required=5 tests=[AWL=0.247, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id e9eoLzLgXSa9 for <paws@ietfa.amsl.com>; Thu, 9 Aug 2012 17:14:55 -0700 (PDT)
Received: from neustar.com (mx2.neustar.com [156.154.25.104]) by ietfa.amsl.com (Postfix) with ESMTP id 33ACD11E808A for <paws@ietf.org>; Thu, 9 Aug 2012 17:14:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=neustar.biz; s=neustarbiz; t=1344557453; x=1659909986; q=dns/txt; h=From:Date:Subject:Message-ID:Content-Language: Content-Type; bh=Y5Pys2+JcGA5ieVNEGLsutgTtb7/c1JN0XMSuw+V/4c=; b=WjgOeBET8XWhc/cw0rPjDgwop4PZnDxCisp5qFQ+g/ygxM7LvSg5vcU1agnlFM JXUzfoT7gr2dFaSKiQvfI5CA==
Received: from ([10.31.13.242]) by chihiron2.nc.neustar.com with ESMTP with TLS id J041123125.9703077; Thu, 09 Aug 2012 20:10:51 -0400
Received: from STNTEXCH01.cis.neustar.com ([fe80::31b6:4d09:2ada:e6c0]) by STNTEXCHHT03.cis.neustar.com ([::1]) with mapi; Thu, 9 Aug 2012 20:14:51 -0400
From: "Rosen, Brian" <Brian.Rosen@neustar.biz>
Date: Thu, 09 Aug 2012 20:14:50 -0400
Thread-Topic: [paws] need for DB initialization message
Thread-Index: Ac12jSjIPSE3Q7O2SZWEcurTAtBH8w==
Message-ID: <7EE3F6BC-E8AB-4C28-B221-1D6E64324D0A@neustar.biz>
References: <1ECAFF543A2FED4EA2BEB6CACE08E47601FAFF1F@008-AM1MPN1-006.mgdnok.nokia.com>
In-Reply-To: <1ECAFF543A2FED4EA2BEB6CACE08E47601FAFF1F@008-AM1MPN1-006.mgdnok.nokia.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
x-ems-proccessed: R64IxjzeHPwwd+efoj3ZcA==
x-ems-stamp: /zeQfDztaOXienRtyf8hbw==
Content-Type: multipart/alternative; boundary="_000_7EE3F6BCE8AB4C28B2211D6E64324D0Aneustarbiz_"
MIME-Version: 1.0
To: "<gabor.bajko@nokia.com>" <gabor.bajko@nokia.com>
Cc: "paws@ietf.org" <paws@ietf.org>
Subject: Re: [paws] need for DB initialization message
X-BeenThere: paws@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Protocol to Access White Space database \(PAWS\)" <paws.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/paws>, <mailto:paws-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/paws>
List-Post: <mailto:paws@ietf.org>
List-Help: <mailto:paws-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/paws>, <mailto:paws-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 10 Aug 2012 00:14:56 -0000

<as individual>
I'm not so sure you need something separate for domain.  ISTM that the DB discovery could return it (possibly as a parameter on the DB URI).  OTOH, you might very well want to receive from the DB some kind of data specification (that is, what is required to be provided in the registration), rather than having it totally wired in to domain.  That means, to me, that the registration is a 4 way message exchange:
1. Device to DB: Authenticate me please
2. DB to device: Authentication accepted, send me this data
3. Device to DB: Here is my registration data
4. DB to device: Registration succeeded.

Now, having said that, you might just get authentication out of the TLS session establishment, this not needing step 1.

Brian

On Aug 9, 2012, at 8:02 PM, <Gabor.Bajko@nokia.com<mailto:Gabor.Bajko@nokia.com>> wrote:

Folks,

During the Vancouver F2F discussions we had some good discussions, but no agreement on whether an initialization message, as proposed in draft-das is necessary or not.
You may check the minutes to see what was said at the mike: http://www.ietf.org/proceedings/84/minutes/minutes-84-paws

People spoke mostly in favor, but there were people who also said that this message is redundant with registration message.

Question#1: need for an initialization message
Unfortunately we did not have time to discuss the DB discovery aspect, and that may be related to this topic. The only DB discovery document available currently, http://www.ietf.org/id/draft-probasco-paws-discovery-01.txt, proposes, that the master device contacts a pre-provisioned discovery server and provides its location, and in return the discovery server returns the URI of the DB for that regulatory domain. At this point, the master device knows which DB to contact, but it does not necessarily know what regulatory domain that DB belongs to. Thus, it doesn’t know what are the operating rules, whether it has to authenticate, or register, etc.
Thus, it seems logical to me that the master device first queries the DB to find out the regulatory domain. We even have such a requirement in the requirement draft, requirement:
“P.3:   The protocol MUST support determination of regulatory             domain governing its current location.”
The information about the regulatory domain may be cached, and the master device may not need to place that query every time, but this message exchange may be necessary in certain cases. Any comments to this point?

Question#2
Then, it is a slightly separate issue, if this message exchange has to take place, then what additional information the DB returns. draft-das proposes that regulatory domain specific information be returned to the master device.

Question#3
Yet another separate point is that draft-das proposes to use this initialization message also to initiate client authentication (putting shared secret vs cert issue aside for the time being). In cases when the master device does not know the regulatory domain it is in, then it does not know whether authentication is required in that regulatory domain or not; so why would initiate authentication then? Similar comment applies to draft-wei, where it is proposed that after DB discovery the master device authenticates at TLS layer and performs registration; how does it know that it has to authenticate and register, if it doesn’t know the regulatory domain?

In my opinion (chair hat off), the sequence of events should be sg like this:

1.       DB discovery (may be skipped if cached information available)
2.       Regulatory domain query (may be skipped if cached information available)
3.       Authentication (if required)
4.       Registration (if required)
5.       Channel availability query (may be combined with registration?)

Comments are welcome and expected.

-          Gabor



_______________________________________________
paws mailing list
paws@ietf.org<mailto:paws@ietf.org>
https://www.ietf.org/mailman/listinfo/paws

v2.23.0 | Report a Bug | By Email