Re: [pcp] Posted auth req slide that was edited during meeting

<yoshihiro.ohba@toshiba.co.jp> Thu, 21 March 2013 16:42 UTC

From: yoshihiro.ohba@toshiba.co.jp
To: pcp@ietf.org
Thread-Topic: [pcp] Posted auth req slide that was edited during meeting
Date: Thu, 21 Mar 2013 16:41:58 +0000
Message-ID: <674F70E5F2BE564CB06B6901FD3DD78B12CDEA18@tgxml337.toshiba.local>
References: <341064315C6D0D498193B256F238CF9747C9C9@TK5EX14MBXW603.wingroup.windeploy.ntdev.microsoft.com> <5EF8B214-6563-47C7-9D48-621D9D5E1B29@yegin.org> <tslip4r42r3.fsf@mit.edu> <674F70E5F2BE564CB06B6901FD3DD78B12CD0A01@tgxml337.toshiba.local> <tslk3p4zyze.fsf@mit.edu> <674F70E5F2BE564CB06B6901FD3DD78B12CDB0CB@tgxml337.toshiba.local> <tsl620ox0zb.fsf@mit.edu> <674F70E5F2BE564CB06B6901FD3DD78B12CDB148@tgxml337.toshiba.local>
In-Reply-To: <674F70E5F2BE564CB06B6901FD3DD78B12CDB148@tgxml337.toshiba.local>
Accept-Language: ja-JP, en-US
Content-Language: ja-JP
Content-Type: text/plain; charset="iso-2022-jp"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: Re: [pcp] Posted auth req slide that was edited during meeting
X-BeenThere: pcp@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: PCP wg discussion list <pcp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pcp>, <mailto:pcp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/pcp>
List-Post: <mailto:pcp@ietf.org>
List-Help: <mailto:pcp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pcp>, <mailto:pcp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Mar 2013 16:42:05 -0000

Can we take silence as agreement about re-auth to happen before the SA expires?

Yoshihiro Ohba


-----Original Message-----
From: pcp-bounces@ietf.org [mailto:pcp-bounces@ietf.org] On Behalf Of yoshihiro.ohba@toshiba.co.jp
Sent: Monday, March 18, 2013 11:12 PM
To: hartmans@painless-security.com
Cc: pcp@ietf.org
Subject: Re: [pcp] Posted auth req slide that was edited during meeting

Sam,

-----Original Message-----
From: Sam Hartman [mailto:hartmans@painless-security.com] 
Sent: Monday, March 18, 2013 11:00 PM
To: ohba yoshihiro
Cc: alper.yegin@yegin.org; pcp@ietf.org
Subject: Re: [pcp] Posted auth req slide that was edited during meeting

>>>>>   <yoshihiro.ohba@toshiba.co.jp> writes:


    > In any case, we should follow the definition of EAP
    > re-authentication in RFC 5247 about re-authentication timing.  I
    > see absolutely no reason to change the definition.

OK. So you're saying that the goal of the security association expiration is to make sure that a client cannot change the PCP state in a manner that requires authentication outside a time window defined by the AAA infrastructure/PCP server?

[YO] Yes.

So, the sorts of attacks we'd want to prevent are people changing state after credentials have changed or authorizations have changed?

[YO] Yes, unless the credentials or authorizations are changed via a valid re-authentication; that is the whole purpose of re-authentication.

Yoshihiro Ohba

--Sam

_______________________________________________
pcp mailing list
pcp@ietf.org
https://www.ietf.org/mailman/listinfo/pcp
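As an added illustration of the timing rule discussed in the thread (this is a constructed model, not code from the thread or from any PCP implementation): a server that accepts state-changing requests only while the security association is unexpired, where re-authentication, following the RFC 5247 definition, must happen while the old SA is still valid, and an authorization change on the AAA side takes effect no later than the next (re-)authentication. Class and method names, the numeric time/lifetime fields and the result strings are assumptions.

```python
# Constructed model of the SA-lifetime / re-authentication timing discussed in
# the thread. Not PCP wire code; names, time units and fields are assumptions.
from dataclasses import dataclass


@dataclass
class SecurityAssociation:
    client_id: str
    established_at: float   # seconds, time of the (re-)authentication
    lifetime: float         # seconds the SA stays valid
    authz_version: int      # AAA authorization snapshot bound to this SA

    def is_valid(self, now: float) -> bool:
        return now < self.established_at + self.lifetime


class PcpServerModel:
    """Accepts state-changing requests only inside the SA lifetime window."""

    def __init__(self, sa_lifetime: float = 100.0):
        self.sa_lifetime = sa_lifetime
        self.sas = {}        # client_id -> SecurityAssociation
        self.authz = {}      # client_id -> current AAA authorization version
        self.mappings = {}   # client_id -> PCP state (e.g. a port mapping)

    def full_auth(self, client_id: str, now: float) -> SecurityAssociation:
        # Initial EAP authentication: binds the current authorization snapshot.
        self.authz.setdefault(client_id, 1)
        sa = SecurityAssociation(client_id, now, self.sa_lifetime, self.authz[client_id])
        self.sas[client_id] = sa
        return sa

    def reauth(self, client_id: str, now: float) -> str:
        # Re-authentication is only meaningful while the old SA is still valid;
        # once it has expired the client is back to a full authentication.
        sa = self.sas.get(client_id)
        if sa is None or not sa.is_valid(now):
            return "FULL_AUTH_REQUIRED"
        self.full_auth(client_id, now)   # fresh SA picks up the current authz version
        return "OK"

    def change_authorization(self, client_id: str) -> None:
        # AAA-side change: honoured on the next (re-)authentication at the latest,
        # so the SA lifetime bounds how long stale authorization can be used.
        self.authz[client_id] = self.authz.get(client_id, 1) + 1

    def map_request(self, client_id: str, now: float, mapping: str) -> str:
        sa = self.sas.get(client_id)
        if sa is None or not sa.is_valid(now):
            return "AUTHENTICATION_REQUIRED"   # no state change outside the window
        self.mappings[client_id] = mapping
        return "SUCCESS"
```

The window between an authorization change and the SA expiry is exactly the exposure the thread accepts by design; shortening `sa_lifetime` shrinks it at the cost of more frequent re-authentication.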