Re: [pcp] CONSENSUS CALL on PCP security

Alper Yegin <alper.yegin@yegin.org> Tue, 16 July 2013 09:50 UTC

To: yoshihiro.ohba@toshiba.co.jp
Cc: pcp@ietf.org, tireddy@cisco.com

Hi Yoshi,


> I would note that the two PANA approaches (side-by-side and encapsulation) may have a difference in supporting PCP proxy. In the side-by-side approach (draft-ohba-pcp-pana), PANA relay would need to be implemented on PCP proxy to communicate the client's IP address to the server since the PCP THIRD_PARTY option is carried only in a PCP message. In the encapsulation approach (draft-ohba-pcp-pana-encap), PANA relay would not be needed since the PCP THIRD_PARTY option can be carried in a PCP message that encapsulates a PANA message.
> 
> Since PANA relay is a simple stateless relay, it should not be a problem with the side-by-side approach as long as the THIRD_PARTY option is the only PCP option inserted by PCP proxy. However, if PCP proxy inserts other PCP options as well, then I think the encapsulation approach can be better than the side-by-side approach.
> 

I didn't understand why PCP proxy having to insert any PCP options has any impact on the out-of-band authentication performed by PANA.

Alper



> Regards,
> Yoshihiro Ohba
> 
> 
> -----Original Message-----
> From: pcp-bounces@ietf.org [mailto:pcp-bounces@ietf.org] On Behalf Of Tirumaleswar Reddy (tireddy)
> Sent: Tuesday, July 16, 2013 2:51 PM
> To: Dave Thaler; pcp@ietf.org
> Subject: Re: [pcp] CONSENSUS CALL on PCP security
> 
> Hi Dave,
> 
> In the poll when you refer to PANA, please clarify the draft you are referring to http://tools.ietf.org/html/draft-ohba-pcp-pana-04 or http://tools.ietf.org/html/draft-ohba-pcp-pana-encap-01 ?
> 
> --Tiru.
> 
>> -----Original Message-----
>> From: Dave Thaler [mailto:dthaler@microsoft.com]
>> Sent: Monday, July 15, 2013 6:03 AM
>> To: pcp@ietf.org
>> Subject: [pcp] CONSENSUS CALL on PCP security
>> 
>> The WG has discussed two approaches for using EAP with PCP:
>> direct EAP-in-PCP vs using PANA.
>> 
>> At IETF 84, we polled the room and got 5 hands for direct EAP-in-PCP 
>> and 10 or 11 for PANA. There was significant confusion/disagreement 
>> around requirements and proposed solutions at that time.
>> 
>> At IETF 85, we again polled the room and got a different result, this 
>> time 12 hands for direct EAP-in-PCP and 6 for PANA. There was, 
>> however, still significant confusion/disagreement around requirements 
>> and proposed solutions.
>> 
>> Since IETF 85, we have made lots of progress on getting agreement on 
>> the requirements, and draft-reddy-pcp-auth-req now seems to be 
>> relatively stable without significant areas of disagreement known.
>> Discussion may of course continue if new issues are raised but we 
>> believe any additional changes are unlikely to affect people's 
>> position on overall solution approach, i.e. direct EAP-in-PCP vs. PANA.
>> 
>> The general sense of the WG also seems to be that either approach 
>> could be made to fit the requirements, so we believe it is now time 
>> for us to determine consensus (draft-resnick-on-consensus is a great 
>> read) on the approach question. We know many folks would just like to 
>> make a decision and move on.
>> 
>> Hence the chairs would like to ask the WG which solution direction the 
>> WG should pursue in meeting the requirements. Please state your 
>> recommendation on this thread, preferably along with your rationale.
>> Avoid responding on this thread to others' rationale, use a separate 
>> thread as needed.
>> 
>> To help us judge consensus, please use the template below and respond 
>> by SUNDAY JULY 28.
>> 
>> -Dave and Reinaldo
>> 
>> ---
>> 
>> 1) Could you *live with* EAP-in-PCP? If not, state reason you would object.
>> 
>>     <NO and state reason, or YES>
>> 
>> 2) Could you *live with* PANA? If not, state reason you would object.
>> 
>>     <NO and state reason, or YES>
>> 
>> 3) If you said yes to both 1 and 2, but have a strong preference 
>> between the two, which approach do you prefer and why?
>> 
>>     <EAP-in-PCP, or PANA>.  <state reason>
>> 
> 
> _______________________________________________
> pcp mailing list
> pcp@ietf.org
> https://www.ietf.org/mailman/listinfo/pcp