IETF Logo Mail Archive

Re: [pcp] Side-by-side or nested protocols (was Re: PANA implementatinos to consider)

Yoshihiro Ohba <yoshihiro.ohba@toshiba.co.jp> Wed, 19 September 2012 14:46 UTC

Return-Path: <yoshihiro.ohba@toshiba.co.jp>
X-Original-To: pcp@ietfa.amsl.com
Delivered-To: pcp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 890E021F8688 for <pcp@ietfa.amsl.com>; Wed, 19 Sep 2012 07:46:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.171
X-Spam-Level:
X-Spam-Status: No, score=-5.171 tagged_above=-999 required=5 tests=[AWL=-1.082, BAYES_00=-2.599, HELO_EQ_JP=1.244, HOST_EQ_JP=1.265, RCVD_IN_DNSWL_MED=-4, UNPARSEABLE_RELAY=0.001]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dXeDG7aK5M55 for <pcp@ietfa.amsl.com>; Wed, 19 Sep 2012 07:46:47 -0700 (PDT)
Received: from imx2.toshiba.co.jp (inet-tsb5.toshiba.co.jp [202.33.96.24]) by ietfa.amsl.com (Postfix) with ESMTP id 6ADE921F8658 for <pcp@ietf.org>; Wed, 19 Sep 2012 07:46:47 -0700 (PDT)
Received: from arc1.toshiba.co.jp ([133.199.194.235]) by imx2.toshiba.co.jp with ESMTP id q8JEkklT017277 for <pcp@ietf.org>; Wed, 19 Sep 2012 23:46:46 +0900 (JST)
Received: (from root@localhost) by arc1.toshiba.co.jp id q8JEkkOU001473 for pcp@ietf.org; Wed, 19 Sep 2012 23:46:46 +0900 (JST)
Received: from unknown [133.199.192.144] by arc1.toshiba.co.jp with ESMTP id ZAA01472; Wed, 19 Sep 2012 23:46:46 +0900
Received: from mx.toshiba.co.jp (localhost [127.0.0.1]) by ovp2.toshiba.co.jp with ESMTP id q8JEkkge024340 for <pcp@ietf.org>; Wed, 19 Sep 2012 23:46:46 +0900 (JST)
Received: from tsbpoa.po.toshiba.co.jp by toshiba.co.jp id q8JEkkU8007738; Wed, 19 Sep 2012 23:46:46 +0900 (JST)
Received: from [133.199.17.204] by mail.po.toshiba.co.jp (Sun Java System Messaging Server 6.1 HotFix 0.05 (built Oct 21 2004)) with ESMTPA id <0MAL001ENQDXZ410@mail.po.toshiba.co.jp> for pcp@ietf.org; Wed, 19 Sep 2012 23:46:45 +0900 (JST)
Date: Wed, 19 Sep 2012 23:46:47 +0900
From: Yoshihiro Ohba <yoshihiro.ohba@toshiba.co.jp>
In-reply-to: <CC7EFDEF.A52D%repenno@cisco.com>
To: pcp@ietf.org
Message-id: <5059DAD7.2030507@toshiba.co.jp>
MIME-version: 1.0
Content-type: text/plain; charset="ISO-2022-JP"
Content-transfer-encoding: 7bit
References: <CC7EFDEF.A52D%repenno@cisco.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:14.0) Gecko/20120713 Thunderbird/14.0
Subject: Re: [pcp] Side-by-side or nested protocols (was Re: PANA implementatinos to consider)
X-BeenThere: pcp@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: PCP wg discussion list <pcp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pcp>, <mailto:pcp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/pcp>
List-Post: <mailto:pcp@ietf.org>
List-Help: <mailto:pcp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pcp>, <mailto:pcp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 19 Sep 2012 14:46:48 -0000

(2012/09/19 21:03), Reinaldo Penno (repenno) wrote:
(snip)
>>
>> Even binary re-use is a possibility, like Yoshi explained, and also
>> considering the possibility of integrated gateways.
> 
> 
> Like getting PANA binary from Zigbee and running on a CGN, CPE/High end
> Firewall running on a different NPU type without rewriting almost from
> scratch, recompilation, integration with CLI, debug, etc ? Please excuse
> my skepticism when I doubt this. But to be fair, please point me to your
> best candidate for this reuse and I will see if we can look into it if WG
> thinks it will help the process.

I suggest taking a look at the open source implementations that I
pointed and Sam analyzed, and send comments to this list as Sam did.
You would have some points, and your comments will be valuable to
improve the quality of the open source implementations,

Yoshihiro Ohba

> 
> 
>>
>>
>>> [For those unfamiliar with Zigbee SEP 2.0, it is one of the standards
>>> (the only IP-based one, I think) proposed for use in the Smart Grid,
>>> specifically for appliances, sensors and other embedded devices to
>>> integrate with a home energy management system (EMS) and/or electric
>>> meter (Smart Meter) on the in-home side of the Smart Energy universe.
>>> Implementations of SEP 2.0 are most often provided in ASICs, for
>>> integration into embedded devices with very limited system requirements.
>>> These devices run on a dedicated Zigbee networks within the home, and
>>> do not generally communicate outside the home, at all.]
>>>
>>>> Yes, it could be tricky, if we had a funky relationship between the
>>>> two protocols. But in this case, it's a clean separation. PCP needs
>>>> keys to run, it triggers PANA to generate the keys, PANA does its job
>>>> and gives back the keys, PCP runs with the keys. This is how separate
>>>> "key management" works. Natural fit.
>>>
>>> The success case in the side-by-side approach appears to work very
>>> smoothly, it is the error cases that I am more concerned about.
>>
>> Which specific error cases? You raised one about auth capability mismatch
>> and I already responded to that.
>>
>>
>>> Also, you haven't explained how you would deal with all of the things
>>> you list below...  If PCP has a simple request/response API with PANA,
>>> how are things like "asynchronous requests" handled in that model?  What
>>> is an "asynchronous request" in this context and when/why would it
>>> happen, BTW?  I understand that, in PANA, it is possible for network
>>> access to be renegotiated, or for Ip addresses to be reallocated.  There
>>> is no equivalent notion in PCP, though.
>>>
>>
>> EAP re-authentication can be initiated by either party at any time. We
>> need to support that.
>>
>>>> But, if we embed one protocol inside the other, then you have to
>>>> combine the state machines. And that combining is not a simple jump
>>>> back and forth like in the above case. More specifically, within the
>>>> PCP state machine, now you have to account for server-side
>>>> retransmissions, server-side asynchronous requests, etc.
>>>
>>> You keep claiming that there will be problems with "combining the state
>>> machines" of PCP and PANA in the encapsulation case that aren't there in
>>> the side-by-side case, but I'm still not sure what you mean by this.
>>> Could you give a concrete example?
>>
>> Please see my email with EAP-over-PCP subject line. As you see, the state
>> machines and flows of PCP and EAP-over-PCP are not compatible. If you try
>> to fit the latter into the former, it won't work -- incompatible. Exact
>> same issue with EAP-over-DHCP. I (naively?) assumed you'd not want to
>> impact the PCP design hence this compatibility issue is a problem.
>>
>>
>>>
>>>>> PCP is capable of sending unsolicited messages (both multicast and
>>>>> unicast). So, we are good here.
>>>>
>>>> You are referring to "announcements" right?
>>>> They are one-way notifications.
>>>> What you need is a server-initiated, multi-round-trip req/rsp
>>>> exchanges -- to have a working EAP lower-layer.
>>>
>>> How do we get this in a model that you have described as:  "PCP needs
>>> keys to run, it triggers PANA to generate the keys, PANA does its job
>>> and gives back the keys, PCP runs with the keys. "  Won't this notion
>>> (of server-initiated messages) need to be integrated into the API
>>> between PCP and PANA somehow?  When would these messages ever happen in
>>> the PCP context?
>>>
>>
>> Whether the client-side or the server-side initiated the re-auth,
>> EAP/PANA is executed and new security association is generated. The new
>> parameters are stored in the data structures where the PCP client picks
>> them up next time it needs to send a request.
>>
>> Alper
>>
>>
>>
>>
>>
>>> Margaret
>>>
>>>
>>
> 
> _______________________________________________
> pcp mailing list
> pcp@ietf.org
> https://www.ietf.org/mailman/listinfo/pcp
>

v2.23.0 | Report a Bug | By Email