Re: [pcp] Stephen Farrell's Discuss on draft-ietf-pcp-proxy-08: (with DISCUSS)

Stephen Farrell <stephen.farrell@cs.tcd.ie> Thu, 09 July 2015 12:51 UTC

Message-ID: <559E6E60.8080405@cs.tcd.ie>
Date: Thu, 09 Jul 2015 13:51:44 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
To: mohamed.boucadair@orange.com, The IESG <iesg@ietf.org>
References: <20150709113220.17494.888.idtracker@ietfa.amsl.com> <787AE7BB302AE849A7480A190F8B933005359436@OPEXCLILMA3.corporate.adroot.infra.ftgroup> <559E6722.7000504@cs.tcd.ie> <787AE7BB302AE849A7480A190F8B9330053594DD@OPEXCLILMA3.corporate.adroot.infra.ftgroup>
In-Reply-To: <787AE7BB302AE849A7480A190F8B9330053594DD@OPEXCLILMA3.corporate.adroot.infra.ftgroup>
Archived-At: <http://mailarchive.ietf.org/arch/msg/pcp/Bbca3fY3tl5aB02CumLQ9m6Cp_c>
Cc: "pcp@ietf.org" <pcp@ietf.org>
Subject: Re: [pcp] Stephen Farrell's Discuss on draft-ietf-pcp-proxy-08: (with DISCUSS)

Hiya.

On 09/07/15 13:38, mohamed.boucadair@orange.com wrote:
> Re-,
> 
> Both modes you mentioned may be envisaged... 

Right. But I think there's no way to support both (as of
now at least), is that correct? (I'm not asking that both
be supported - it's probably over complex for the benefits
one could get.)

> but in terms of
> requirements the wg discussed mainly the case where the left-most
> client authenticates with the middle server and the case where the
> left-most client does not even authenticate (but still the proxy
> authenticates to the upstream server).

So that's a credible answer. I do think it ought be stated
in this document though as it rules out a few things that
one could otherwise have done if the leftmost client could
be authenticated to the rightmost server. I'm not saying
the WG should have chosen any of the particular answers there
btw, but just that it needs to be clear, here.

> 
> The PCP auth draft says the following:

Ah thanks. Sorry for missing/forgetting that. Too much
too-quick reading;-)

> 
> When a PCP proxy is located between a PCP server and PCP clients,
> the proxy may perform authentication with the PCP server before it 
> processes requests from the clients.  In addition, re-authentication 
> between the PCP proxy and PCP server will not interrupt the service 
> that the proxy provides to the clients since the proxy is still 
> allowed to send common PCP messages to the PCP server during that 
> period.

Ok. So that doesn't quite preclude the leftmost client
authenticating to the rightmost server though. Shouldn't it?

Cheers,
S.

> 
> Cheers, Med
> 
>> -----Original Message----- From: Stephen Farrell
>> [mailto:stephen.farrell@cs.tcd.ie] Sent: Thursday, 9 July 2015
>> 14:21 To: BOUCADAIR Mohamed IMT/OLN; The IESG Cc: pcp@ietf.org
>> Subject: Re: [pcp] Stephen Farrell's Discuss on
>> draft-ietf-pcp-proxy-08: (with DISCUSS)
>> 
>> 
>> Hi Med,
>> 
>> On 09/07/15 12:58, mohamed.boucadair@orange.com wrote:
>>> Hi Stephen,
>>> 
>>> FWIW, the document does not include any discussion about 
>>> authentication as per slide 4 of 
>>> http://www.ietf.org/proceedings/87/slides/slides-87-pcp-2.pdf.
>>> Those aspects are out of scope of this document; implication
>>> assessment is supposed to be in the PCP auth draft.
>> 
>> Well, I don't believe the PCP auth draft says anything about PCP
>> proxies does it?
>> 
>> But I'm not asking about where/how we document stuff but rather 
>> about how it is supposed to work.
>> 
>>> 
>>> The answer to your question is in slide 3 
>>> (https://www.ietf.org/proceedings/87/slides/slides-87-pcp-6.pdf).
>> 
>> Sorry, I don't get an answer to my question from that, can
>> you explain?
>> 
>> Ta, S.
>> 
>> 
>>> 
>>> Cheers, Med
>>> 
>>>> -----Original Message----- From: pcp
>>>> [mailto:pcp-bounces@ietf.org] On Behalf Of Stephen Farrell
>>>> Sent: Thursday, 9 July 2015 13:32 To: The IESG Cc:
>>>> pcp@ietf.org Subject: [pcp] Stephen Farrell's Discuss on
>>>> draft-ietf-pcp-proxy-08: (with DISCUSS)
>>>> 
>>>> Stephen Farrell has entered the following ballot position for 
>>>> draft-ietf-pcp-proxy-08: Discuss
>>>> 
>>>> When responding, please keep the subject line intact and reply
>>>> to all email addresses included in the To and CC lines. (Feel
>>>> free to cut this introductory paragraph, however.)
>>>> 
>>>> 
>>>> Please refer to 
>>>> https://www.ietf.org/iesg/statement/discuss-criteria.html for
>>>> more information about IESG DISCUSS and COMMENT positions.
>>>> 
>>>> 
>>>> The document, along with other ballot positions, can be found 
>>>> here: https://datatracker.ietf.org/doc/draft-ietf-pcp-proxy/
>>>> 
>>>> 
>>>> 
>>>> ----------------------------------------------------------------------
>>>> DISCUSS:
>>>> ----------------------------------------------------------------------
>>>> 
>>>> I have one thing I'd like to check. Maybe this just works fine,
>>>> but how does this function work with PCP authentication?  E.g.
>>>> in Figure 1, is the left-most client authenticating to the
>>>> middle or rightmost server? I think I could imagine either
>>>> answer being desirable and don't see a way that both could be
>>>> supported.
>>>> 
>>>> 
>>>> 
>>>> 
>>>> _______________________________________________ pcp mailing
>>>> list pcp@ietf.org https://www.ietf.org/mailman/listinfo/pcp