IETF Logo Mail Archive

Re: [pcp] Comparison of PCP authentication

Yoshihiro Ohba <yoshihiro.ohba@toshiba.co.jp> Thu, 16 August 2012 12:45 UTC

Return-Path: <yoshihiro.ohba@toshiba.co.jp>
X-Original-To: pcp@ietfa.amsl.com
Delivered-To: pcp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A5E9921F8576 for <pcp@ietfa.amsl.com>; Thu, 16 Aug 2012 05:45:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.014
X-Spam-Level:
X-Spam-Status: No, score=-5.014 tagged_above=-999 required=5 tests=[AWL=-0.925, BAYES_00=-2.599, HELO_EQ_JP=1.244, HOST_EQ_JP=1.265, RCVD_IN_DNSWL_MED=-4, UNPARSEABLE_RELAY=0.001]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id B5+GWWuEdq1J for <pcp@ietfa.amsl.com>; Thu, 16 Aug 2012 05:45:37 -0700 (PDT)
Received: from imx2.toshiba.co.jp (inet-tsb5.toshiba.co.jp [202.33.96.24]) by ietfa.amsl.com (Postfix) with ESMTP id D935421F8570 for <pcp@ietf.org>; Thu, 16 Aug 2012 05:45:36 -0700 (PDT)
Received: from arc1.toshiba.co.jp ([133.199.194.235]) by imx2.toshiba.co.jp with ESMTP id q7GCjX5k018618; Thu, 16 Aug 2012 21:45:33 +0900 (JST)
Received: (from root@localhost) by arc1.toshiba.co.jp id q7GCjXlb022824; Thu, 16 Aug 2012 21:45:33 +0900 (JST)
Received: from unknown [133.199.192.144] by arc1.toshiba.co.jp with ESMTP id XAA22823; Thu, 16 Aug 2012 21:45:33 +0900
Received: from mx2.toshiba.co.jp (localhost [127.0.0.1]) by ovp2.toshiba.co.jp with ESMTP id q7GCjX9K011171; Thu, 16 Aug 2012 21:45:33 +0900 (JST)
Received: from tsbpoa.po.toshiba.co.jp by toshiba.co.jp id q7GCjX7Y011548; Thu, 16 Aug 2012 21:45:33 +0900 (JST)
Received: from [133.199.16.135] by mail.po.toshiba.co.jp (Sun Java System Messaging Server 6.1 HotFix 0.05 (built Oct 21 2004)) with ESMTPA id <0M8U009MNM3VKIG0@mail.po.toshiba.co.jp>; Thu, 16 Aug 2012 21:45:33 +0900 (JST)
Date: Thu, 16 Aug 2012 21:45:33 +0900
From: Yoshihiro Ohba <yoshihiro.ohba@toshiba.co.jp>
In-reply-to: <6F0B4ED8-68F1-44BB-A94B-E5D86E6C7254@lilacglade.org>
To: Margaret Wasserman <margaretw42@gmail.com>
Message-id: <502CEB6D.6040304@toshiba.co.jp>
MIME-version: 1.0
Content-type: text/plain; charset="ISO-2022-JP"
Content-transfer-encoding: 7bit
References: <9B57C850BB53634CACEC56EF4853FF653B6EC381@TK5EX14MBXW604.wingroup.windeploy.ntdev.microsoft.com> <7FE144CF-00E3-4451-8CBE-A6A684DB7CC4@yegin.org> <067d01cd73fd$765a6c50$630f44f0$@com> <D6D2DEED-C35A-45AB-8B72-96195C308DB9@yegin.org> <57FF0F8E-1B86-410F-8B6B-C4893A28222F@lilacglade.org> <BB72B80F-0622-4A5B-A985-79D8AED13E0B@apple.com> <003b01cd7587$a111b760$e3352620$@com> <15990E87-2D59-49B1-845C-2A4CB5A1FBD6@lilacglade.org> <008801cd758f$3fd306e0$bf7914a0$@com> <C72CBD9FE3CA604887B1B3F1D145D05E2CE65225@szxeml528-mbx.china.huawei.com> <028801cd75d6$c5765490$5062fdb0$@com> <tsla9y4gptp.fsf@mit.edu> <04c901cd7658$37a740c0$a6f5c240$@com> <tslboikexlv.fsf@mit.edu> <054001cd765d$54c0f3e0$fe42dba0$@com> <0F259BA1-CEFF-4346-AFE5-3D33BB0CF0CC@lilacglade.org> <C72CBD9FE3CA604887B1B3F1D145D05E2CE756EE@szxeml528-mbs.china.huawei.com> <502C6BF0.3030400@toshiba.co.jp> <6F0B4ED8-68F1-44BB-A94B-E5D86E6C7254@lilacglade.org>
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:14.0) Gecko/20120713 Thunderbird/14.0
Cc: pcp@ietf.org
Subject: Re: [pcp] Comparison of PCP authentication
X-BeenThere: pcp@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: PCP wg discussion list <pcp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pcp>, <mailto:pcp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/pcp>
List-Post: <mailto:pcp@ietf.org>
List-Help: <mailto:pcp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pcp>, <mailto:pcp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Aug 2012 12:45:37 -0000

Hi Margaret,

In my opinion, PANA should be dedicated to PCP authentication in both
cases where PANA runs over PCP port.

In other words, we can say that PANA is used for network access
authentication only when PANA operates over PANA port, regardless of
whether the same or different credentials are used for PCP
authentication and network access authentication.

Yoshihiro Ohba

(2012/08/16 20:41), Margaret Wasserman wrote:
> 
> Hi Yoshi,
> 
> On Aug 15, 2012, at 11:41 PM, Yoshihiro Ohba wrote:
> 
>> Here is a brief comparison on both PANA-based schemes:
>>
>> Encapsulation/tunneling approach:
>> - Pros: No impact on PANA specification
>> - Cons: Encapsulation overhead
>>
>> Demultiplexing/port-sharing approach:
>> - Pros: No encapsulation overhead
>> - Cons: Impact on PANA specification (an Update of RFC 5191 is needed
>> on the use of "Reserved" field.)
> 
> In both cases, I think there is an open question (raised by my regarding your draft) of whether we want to modify PANA so that the server will know that it is performing PCP authentication vs. network access authentication.  I think this could be important, if we want a single PANA server to be able to serve both purposes in a small network.  It is possible that the credentials/criteria used to authenticate a node for PCP will be different than for network access, isn't it?
> 
> Margaret
> 
> 
>

v2.23.0 | Report a Bug | By Email