Re: [pcp] CONSENSUS CALL on PCP security
Alper Yegin <alper.yegin@yegin.org> Tue, 16 July 2013 09:50 UTC
Return-Path: <alper.yegin@yegin.org>
X-Original-To: pcp@ietfa.amsl.com
Delivered-To: pcp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 22D3A11E8276 for <pcp@ietfa.amsl.com>; Tue, 16 Jul 2013 02:50:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.226
X-Spam-Level:
X-Spam-Status: No, score=-102.226 tagged_above=-999 required=5 tests=[AWL=0.373, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ly3q1GnwKZM8 for <pcp@ietfa.amsl.com>; Tue, 16 Jul 2013 02:50:50 -0700 (PDT)
Received: from mout.perfora.net (mout.perfora.net [74.208.4.194]) by ietfa.amsl.com (Postfix) with ESMTP id 3100F11E828E for <pcp@ietf.org>; Tue, 16 Jul 2013 02:50:50 -0700 (PDT)
Received: from [192.168.2.49] (88.247.135.202.static.ttnet.com.tr [88.247.135.202]) by mrelay.perfora.net (node=mrus0) with ESMTP (Nemesis) id 0MeyZt-1UnoY22Var-00OXKr; Tue, 16 Jul 2013 05:50:38 -0400
Mime-Version: 1.0 (Apple Message framework v1283)
Content-Type: text/plain; charset="us-ascii"
From: Alper Yegin <alper.yegin@yegin.org>
In-Reply-To: <674F70E5F2BE564CB06B6901FD3DD78B12D2FA81@tgxml338.toshiba.local>
Date: Tue, 16 Jul 2013 12:50:32 +0300
Content-Transfer-Encoding: quoted-printable
Message-Id: <CD23C04D-C74D-4D88-8FF1-1AC8D83CA0F4@yegin.org>
References: <c91bb8469abe4b079e46454e022546e6@BY2PR03MB269.namprd03.prod.outlook.com> <913383AAA69FF945B8F946018B75898A14B9AE60@xmb-rcd-x10.cisco.com> <674F70E5F2BE564CB06B6901FD3DD78B12D2FA81@tgxml338.toshiba.local>
To: yoshihiro.ohba@toshiba.co.jp
X-Mailer: Apple Mail (2.1283)
X-Provags-ID: V02:K0:3UleFkDmNCA6JvWCtzSt0c8d8sGrTmOUcaV7MM+zHLh NRQ/Kbk4V83rSJqNKiOzRAa7Rnpyk30CtfDibYie5llzuolwlL 3J/Fk1yj+cGWFL0thQ5XM8EdFcg6/MPkK5MwaJXtj9AtgQcW5E luBJP4fq8NDs+B81nLvVjRd5nQJ416GX5CTglDdFjQlOTa0Cyz ERrr/tOODZzPE4PrbIRdDam9x/ErrkDiPwGPuqs5SWOKsXtwYf leBhn4TyOn4fp7DgBHJtzAVYe2EkXcEJ3+U0W2zcGfOE1ZZ2um nk0iQ8ZV6A2lwQAqZKa0M6NgVc+RnLrF+OaHzul9awtYtkpNvY u32VUxKFainsKU3nqg8+dMwewLT3os2HvHfQgQFA/yUdYwh5ap rT/l5wfVnlRUQ==
Cc: pcp@ietf.org, tireddy@cisco.com
Subject: Re: [pcp] CONSENSUS CALL on PCP security
X-BeenThere: pcp@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: PCP wg discussion list <pcp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pcp>, <mailto:pcp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/pcp>
List-Post: <mailto:pcp@ietf.org>
List-Help: <mailto:pcp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pcp>, <mailto:pcp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Jul 2013 09:50:55 -0000
Hi Yoshi, > I would note that the two PANA approaches (side-by-side and encapsulation) may have difference in supporting PCP proxy. In the side-by-side approach (draft-ohba-pcp-pana), PANA relay would need to be implemented on PCP proxy to communicate client's IP address to the server since PCP THIRD_PARTY option is carried only in PCP message. In the encapsulation approach (draft-ohba-pcp-pana-encap), PANA relay would not be needed since PCP THIRD_PARTY option can be carried in a PCP message that encapsulates a PANA message. > > Since PANA relay is simple stateless relay, it should not be a problem with the side-by-side approach as long as THIRD_PARTY option is the only PCP option inserted by PCP proxy. However, if PCP proxy inserts other PCP options as well, then I think the encapsulation approach can be better than the side-by-side approach. > I didn't understand why PCP proxy having to insert any PCP options have any impact on the out-of band authentication performed by PANA. Alper > Regards, > Yoshihiro Ohba > > > -----Original Message----- > From: pcp-bounces@ietf.org [mailto:pcp-bounces@ietf.org] On Behalf Of Tirumaleswar Reddy (tireddy) > Sent: Tuesday, July 16, 2013 2:51 PM > To: Dave Thaler; pcp@ietf.org > Subject: Re: [pcp] CONSENSUS CALL on PCP security > > Hi Dave, > > In the poll when you refer to PANA, please clarify the draft you are referring to http://tools.ietf.org/html/draft-ohba-pcp-pana-04 or http://tools.ietf.org/html/draft-ohba-pcp-pana-encap-01 ? > > --Tiru. > >> -----Original Message----- >> From: Dave Thaler [mailto:dthaler@microsoft.com] >> Sent: Monday, July 15, 2013 6:03 AM >> To: pcp@ietf.org >> Subject: [pcp] CONSENSUS CALL on PCP security >> >> The WG has discussed two approaches for using EAP with PCP: >> direct EAP-in-PCP vs using PANA. >> >> At IETF 84, we polled the room and got 5 hands for direct EAP-in-PCP >> and 10 or 11 for PANA. There was significant confusion/disagreement >> around requirements and proposed solutions at that time. >> >> At IETF 85, we again polled the room and got a different result, this >> time 12 hands for direct EAP-in-PCP and 6 for PANA. There was, >> however, still significant confusion/disagreement around requirements >> and proposed solutions. >> >> Since IETF 85, we have made lots of progress on getting agreement on >> the requirements, and draft-reddy-pcp-auth-req now seems to be >> relatively stable without significant areas of disagreement known. >> Discussion may of course continue if new issues are raised but we >> believe any additional changes are unlikely to affect people's >> position on overall solution approach, i.e. direct EAP-in-PCP vs. PANA. >> >> The general sense of the WG also seems to be that either approach >> could be made to fit the requirements, so we believe it is now time >> for us to determine consensus (draft-resnick-on-consensus is a great >> read) on the approach question. We know many folks would just like to >> make a decision and move on. >> >> Hence the chairs would like to ask the WG which solution direction the >> WG should pursue in meeting the requirements. Please state your >> recommendation on this thread, preferably along with your rationale. >> Avoid responding on this thread to others' rationale, use a separate >> thread as needed. >> >> To help us judge consensus, please use the template below and respond >> by SUNDAY JULY 28. >> >> -Dave and Reinaldo >> >> --- >> >> 1) Could you *live with* EAP-in-PCP? If not, state reason you would object. >> >> <NO and state reason, or YES> >> >> 2) Could you *live with* PANA? If not, state reason you would object. >> >> <NO and state reason, or YES> >> >> 3) If you said yes to both 1 and 2, but have a strong preference >> between the two, which approach do you prefer and why? >> >> <EAP-in-PCP, or PANA>. <state reason> >> > > _______________________________________________ > pcp mailing list > pcp@ietf.org > https://www.ietf.org/mailman/listinfo/pcp > _______________________________________________ > pcp mailing list > pcp@ietf.org > https://www.ietf.org/mailman/listinfo/pcp
- [pcp] CONSENSUS CALL on PCP security Dave Thaler
- Re: [pcp] CONSENSUS CALL on PCP security Tirumaleswar Reddy (tireddy)
- Re: [pcp] CONSENSUS CALL on PCP security yoshihiro.ohba
- Re: [pcp] CONSENSUS CALL on PCP security Alper Yegin
- Re: [pcp] CONSENSUS CALL on PCP security yoshihiro.ohba
- Re: [pcp] CONSENSUS CALL on PCP security Alper Yegin
- Re: [pcp] CONSENSUS CALL on PCP security Dave Thaler
- Re: [pcp] CONSENSUS CALL on PCP security Tirumaleswar Reddy (tireddy)
- Re: [pcp] CONSENSUS CALL on PCP security Alper Yegin
- Re: [pcp] CONSENSUS CALL on PCP security Prashanth Patil (praspati)
- [pcp] REQ-14 in PCP Authentication Requirements Tirumaleswar Reddy (tireddy)
- [pcp] Proxy security (was Re: CONSENSUS CALL on P… Alper Yegin
- Re: [pcp] Proxy security (was Re: CONSENSUS CALL … Tirumaleswar Reddy (tireddy)
- Re: [pcp] Proxy security (was Re: CONSENSUS CALL … Prashanth Patil (praspati)
- Re: [pcp] Proxy security (was Re: CONSENSUS CALL … Alper Yegin
- Re: [pcp] Proxy security (was Re: CONSENSUS CALL … Prashanth Patil (praspati)
- Re: [pcp] Proxy security (was Re: CONSENSUS CALL … Alper Yegin
- Re: [pcp] Proxy security (was Re: CONSENSUS CALL … Dan Wing
- Re: [pcp] CONSENSUS CALL on PCP security Ben McCann
- Re: [pcp] Proxy security (was Re: CONSENSUS CALL … Tirumaleswar Reddy (tireddy)
- Re: [pcp] Proxy security (was Re: CONSENSUS CALL … Alper Yegin
- [pcp] PANA misconceptions (was Re: CONSENSUS CALL… Alper Yegin
- Re: [pcp] PANA misconceptions (was Re: CONSENSUS … Rafa Marin Lopez
- Re: [pcp] Proxy security (was Re: CONSENSUS CALL … Tirumaleswar Reddy (tireddy)
- Re: [pcp] Proxy security (was Re: CONSENSUS CALL … yoshihiro.ohba
- Re: [pcp] Proxy security (was Re: CONSENSUS CALL … Alper Yegin
- Re: [pcp] Proxy security (was Re: CONSENSUS CALL … Prashanth Patil (praspati)
- Re: [pcp] Proxy security (was Re: CONSENSUS CALL … yoshihiro.ohba
- Re: [pcp] Proxy security (was Re: CONSENSUS CALL … Tirumaleswar Reddy (tireddy)
- Re: [pcp] Proxy security (was Re: CONSENSUS CALL … Prashanth Patil (praspati)
- Re: [pcp] PANA misconceptions (was Re: CONSENSUS … Ben McCann
- Re: [pcp] Proxy security (was Re: CONSENSUS CALL … yoshihiro.ohba
- Re: [pcp] PANA misconceptions (was Re: CONSENSUS … Rafa Marin Lopez
- Re: [pcp] PANA misconceptions (was Re: CONSENSUS … Ben McCann
- Re: [pcp] Proxy security (was Re: CONSENSUS CALL … Dan Wing
- Re: [pcp] Proxy security (was Re: CONSENSUS CALL … Alper Yegin
- Re: [pcp] Proxy security (was Re: CONSENSUS CALL … Prashanth Patil (praspati)
- Re: [pcp] PANA misconceptions (was Re: CONSENSUS … Alper Yegin
- Re: [pcp] PANA misconceptions (was Re: CONSENSUS … Alper Yegin
- Re: [pcp] PANA misconceptions (was Re: CONSENSUS … Prashanth Patil (praspati)
- Re: [pcp] REQ-14 in PCP Authentication Requiremen… Alper Yegin
- Re: [pcp] Proxy security (was Re: CONSENSUS CALL … yoshihiro.ohba
- Re: [pcp] PANA misconceptions (was Re: CONSENSUS … Rafa Marin Lopez
- Re: [pcp] CONSENSUS CALL on PCP security Tina TSOU
- Re: [pcp] CONSENSUS CALL on PCP security Martija, Ricardo V
- Re: [pcp] CONSENSUS CALL on PCP security Dave Thaler
- Re: [pcp] CONSENSUS CALL on PCP security Margaret Wasserman
- Re: [pcp] CONSENSUS CALL on PCP security Stuart Cheshire
- Re: [pcp] CONSENSUS CALL on PCP security yoshihiro.ohba
- Re: [pcp] CONSENSUS CALL on PCP security Subir Das
- Re: [pcp] CONSENSUS CALL on PCP security Ted Lemon
- Re: [pcp] CONSENSUS CALL on PCP security Alper Yegin
- Re: [pcp] CONSENSUS CALL on PCP security Rafa Marin Lopez
- Re: [pcp] CONSENSUS CALL on PCP security yoshihiro.ohba
- Re: [pcp] CONSENSUS CALL on PCP security Pedro Moreno Sánchez
- Re: [pcp] CONSENSUS CALL on PCP security Ted Lemon
- Re: [pcp] CONSENSUS CALL on PCP security Ted Lemon
- Re: [pcp] CONSENSUS CALL on PCP security Alan DeKok
- Re: [pcp] CONSENSUS CALL on PCP security Alan DeKok
- Re: [pcp] CONSENSUS CALL on PCP security Alan DeKok
- Re: [pcp] CONSENSUS CALL on PCP security Dacheng Zhang
- Re: [pcp] CONSENSUS CALL on PCP security Alper Yegin
- Re: [pcp] CONSENSUS CALL on PCP security Alper Yegin
- Re: [pcp] CONSENSUS CALL on PCP security Alper Yegin
- Re: [pcp] CONSENSUS CALL on PCP security Ted Lemon
- Re: [pcp] CONSENSUS CALL on PCP security Alper Yegin
- Re: [pcp] CONSENSUS CALL on PCP security Margaret Wasserman
- Re: [pcp] CONSENSUS CALL on PCP security Margaret Wasserman
- Re: [pcp] CONSENSUS CALL on PCP security Tassos Chatzithomaoglou
- Re: [pcp] CONSENSUS CALL on PCP security Subir Das
- Re: [pcp] CONSENSUS CALL on PCP security yoshihiro.ohba
- Re: [pcp] CONSENSUS CALL on PCP security Alan DeKok
- Re: [pcp] CONSENSUS CALL on PCP security Alper Yegin
- Re: [pcp] CONSENSUS CALL on PCP security Alper Yegin
- Re: [pcp] CONSENSUS CALL on PCP security Alan DeKok
- Re: [pcp] CONSENSUS CALL on PCP security Alan DeKok
- Re: [pcp] CONSENSUS CALL on PCP security Margaret Wasserman
- Re: [pcp] CONSENSUS CALL on PCP security Margaret Wasserman
- Re: [pcp] CONSENSUS CALL on PCP security Subir Das
- Re: [pcp] CONSENSUS CALL on PCP security Margaret Wasserman
- Re: [pcp] CONSENSUS CALL on PCP security Pedro Moreno Sánchez
- Re: [pcp] CONSENSUS CALL on PCP security Alper Yegin
- Re: [pcp] CONSENSUS CALL on PCP security Alper Yegin
- Re: [pcp] CONSENSUS CALL on PCP security Margaret Wasserman
- Re: [pcp] CONSENSUS CALL on PCP security Tassos Chatzithomaoglou
- Re: [pcp] CONSENSUS CALL on PCP security Alper Yegin
- Re: [pcp] CONSENSUS CALL on PCP security Dave Thaler
- Re: [pcp] CONSENSUS CALL on PCP security Tassos Chatzithomaoglou
- Re: [pcp] CONSENSUS CALL on PCP security Alper Yegin
- Re: [pcp] CONSENSUS CALL on PCP security Alper Yegin
- Re: [pcp] CONSENSUS CALL on PCP security Margaret Wasserman
- Re: [pcp] PANA misconceptions (was Re: CONSENSUS … Ben McCann
- Re: [pcp] PANA misconceptions (was Re: CONSENSUS … yoshihiro.ohba