Re: [pcp] CONSENSUS CALL on PCP security
Alper Yegin <alper.yegin@yegin.org> Tue, 16 July 2013 20:01 UTC
Return-Path: <alper.yegin@yegin.org>
X-Original-To: pcp@ietfa.amsl.com
Delivered-To: pcp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A130A21F9DCF for <pcp@ietfa.amsl.com>; Tue, 16 Jul 2013 13:01:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.45
X-Spam-Level:
X-Spam-Status: No, score=-102.45 tagged_above=-999 required=5 tests=[AWL=0.149, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vMN4JQzP9ssx for <pcp@ietfa.amsl.com>; Tue, 16 Jul 2013 13:01:19 -0700 (PDT)
Received: from mout.perfora.net (mout.perfora.net [74.208.4.195]) by ietfa.amsl.com (Postfix) with ESMTP id 9512221F9D66 for <pcp@ietf.org>; Tue, 16 Jul 2013 13:01:18 -0700 (PDT)
Received: from [192.168.2.49] (88.247.135.202.static.ttnet.com.tr [88.247.135.202]) by mrelay.perfora.net (node=mrus4) with ESMTP (Nemesis) id 0M4nkT-1UDZ6508yr-00zMrz; Tue, 16 Jul 2013 16:01:09 -0400
Mime-Version: 1.0 (Apple Message framework v1283)
Content-Type: text/plain; charset="us-ascii"
From: Alper Yegin <alper.yegin@yegin.org>
In-Reply-To: <a9f43a37e6fb4a11a05a66fb75182604@BY2PR03MB269.namprd03.prod.outlook.com>
Date: Tue, 16 Jul 2013 23:01:07 +0300
Content-Transfer-Encoding: quoted-printable
Message-Id: <1A7721F2-825C-412C-A0A8-A7D0A149E3FC@yegin.org>
References: <c91bb8469abe4b079e46454e022546e6@BY2PR03MB269.namprd03.prod.outlook.com> <913383AAA69FF945B8F946018B75898A14B9AE60@xmb-rcd-x10.cisco.com> <a9f43a37e6fb4a11a05a66fb75182604@BY2PR03MB269.namprd03.prod.outlook.com>
To: Dave Thaler <dthaler@microsoft.com>
X-Mailer: Apple Mail (2.1283)
X-Provags-ID: V02:K0:PhmWdz3SYRL4aFLJ7/KBg8t3SGjJqwZe+BAieFToYPH 9MYptuLmAfxH1DZYCIT/UQTR2HDF5rxm+lSe58e9PDIVrIUT0f yeBn3YB+AGMcHUK9WN8WIPdVS9mOTd3KNh1pzwdW7FBRVp12cI yGjfsiJtqw7Lt37a38GtF4Qq+W2A+gf21XoeJjl+Gb4FIgEhyQ T9x6vhiAYC9L+UNNrIbKR4HSB4Bnpkls4NRY4hhom8D1t7DaFm prUBOjhen/sUs7z2f+0j6WZXKr85gyQIoqhE1hAy5jobw8jGZp sLmXZ0DyFh1Uig9nVJhMb0G0bvkMOl55KZ6Q56SCCMAq2dYQLm jxUzpwKe4mVw2DwUUAilxdfPzf8MQUxgI7gpe7SaIkfjeKJgJN 6QUhWqoRbdL1g==
Cc: "pcp@ietf.org" <pcp@ietf.org>, "Tirumaleswar Reddy (tireddy)" <tireddy@cisco.com>
Subject: Re: [pcp] CONSENSUS CALL on PCP security
X-BeenThere: pcp@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: PCP wg discussion list <pcp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pcp>, <mailto:pcp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/pcp>
List-Post: <mailto:pcp@ietf.org>
List-Help: <mailto:pcp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pcp>, <mailto:pcp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Jul 2013 20:01:23 -0000
Dave, Last time we conducted this polling, the two pana-based solutions were asked separately. Based on the discussions and the result of the poll, I realized some people preferred one PANA solution over the other, with possibly varying preference with respect to the EAP-o-PCP solution. Bundling them up as one option is not a good idea. So, I suggest we pose them as separate questions (like we did last time). After all, they are technically different. One other thing: I'm not sure if enough thought went into the PCP Proxy security. As much as I'd love to be DONE! with this discussion, I also want to make sure people feel comfortable having thought all aspects around the proxy use. For (very important) example, what kind of security associations are needed for securing the proxy use: An SA btw client and server, an SA btw client and proxy, an SA btw proxy and server -- which combinations of these are needed? Then we need to talk about how we dynamically create those using any one of these solutions. Alper On Jul 16, 2013, at 7:50 PM, Dave Thaler wrote: >> -----Original Message----- >> From: Tirumaleswar Reddy (tireddy) [mailto:tireddy@cisco.com] >> Sent: Monday, July 15, 2013 10:51 PM >> To: Dave Thaler; pcp@ietf.org >> Subject: RE: [pcp] CONSENSUS CALL on PCP security >> >> Hi Dave, >> >> In the poll when you refer to PANA, please clarify the draft you are referring >> to http://tools.ietf.org/html/draft-ohba-pcp-pana-04 or >> http://tools.ietf.org/html/draft-ohba-pcp-pana-encap-01 ? >> >> --Tiru. > > The question is intentionally agnostic as this is about a general approach, > not which specific implementation. If it helps, you can interpret the > answer as "which of the two you think is better". > > If the consensus is PANA rather than direct EAP-in-PCP, then we could > ask as a follow-up question which of the two we should go with. If > you'd like to include your answer to that now though, feel free to > include that in your response to the call. > > -Dave > > > > _______________________________________________ > pcp mailing list > pcp@ietf.org > https://www.ietf.org/mailman/listinfo/pcp
- [pcp] CONSENSUS CALL on PCP security Dave Thaler
- Re: [pcp] CONSENSUS CALL on PCP security Tirumaleswar Reddy (tireddy)
- Re: [pcp] CONSENSUS CALL on PCP security yoshihiro.ohba
- Re: [pcp] CONSENSUS CALL on PCP security Alper Yegin
- Re: [pcp] CONSENSUS CALL on PCP security yoshihiro.ohba
- Re: [pcp] CONSENSUS CALL on PCP security Alper Yegin
- Re: [pcp] CONSENSUS CALL on PCP security Dave Thaler
- Re: [pcp] CONSENSUS CALL on PCP security Tirumaleswar Reddy (tireddy)
- Re: [pcp] CONSENSUS CALL on PCP security Alper Yegin
- Re: [pcp] CONSENSUS CALL on PCP security Prashanth Patil (praspati)
- [pcp] REQ-14 in PCP Authentication Requirements Tirumaleswar Reddy (tireddy)
- [pcp] Proxy security (was Re: CONSENSUS CALL on P… Alper Yegin
- Re: [pcp] Proxy security (was Re: CONSENSUS CALL … Tirumaleswar Reddy (tireddy)
- Re: [pcp] Proxy security (was Re: CONSENSUS CALL … Prashanth Patil (praspati)
- Re: [pcp] Proxy security (was Re: CONSENSUS CALL … Alper Yegin
- Re: [pcp] Proxy security (was Re: CONSENSUS CALL … Prashanth Patil (praspati)
- Re: [pcp] Proxy security (was Re: CONSENSUS CALL … Alper Yegin
- Re: [pcp] Proxy security (was Re: CONSENSUS CALL … Dan Wing
- Re: [pcp] CONSENSUS CALL on PCP security Ben McCann
- Re: [pcp] Proxy security (was Re: CONSENSUS CALL … Tirumaleswar Reddy (tireddy)
- Re: [pcp] Proxy security (was Re: CONSENSUS CALL … Alper Yegin
- [pcp] PANA misconceptions (was Re: CONSENSUS CALL… Alper Yegin
- Re: [pcp] PANA misconceptions (was Re: CONSENSUS … Rafa Marin Lopez
- Re: [pcp] Proxy security (was Re: CONSENSUS CALL … Tirumaleswar Reddy (tireddy)
- Re: [pcp] Proxy security (was Re: CONSENSUS CALL … yoshihiro.ohba
- Re: [pcp] Proxy security (was Re: CONSENSUS CALL … Alper Yegin
- Re: [pcp] Proxy security (was Re: CONSENSUS CALL … Prashanth Patil (praspati)
- Re: [pcp] Proxy security (was Re: CONSENSUS CALL … yoshihiro.ohba
- Re: [pcp] Proxy security (was Re: CONSENSUS CALL … Tirumaleswar Reddy (tireddy)
- Re: [pcp] Proxy security (was Re: CONSENSUS CALL … Prashanth Patil (praspati)
- Re: [pcp] PANA misconceptions (was Re: CONSENSUS … Ben McCann
- Re: [pcp] Proxy security (was Re: CONSENSUS CALL … yoshihiro.ohba
- Re: [pcp] PANA misconceptions (was Re: CONSENSUS … Rafa Marin Lopez
- Re: [pcp] PANA misconceptions (was Re: CONSENSUS … Ben McCann
- Re: [pcp] Proxy security (was Re: CONSENSUS CALL … Dan Wing
- Re: [pcp] Proxy security (was Re: CONSENSUS CALL … Alper Yegin
- Re: [pcp] Proxy security (was Re: CONSENSUS CALL … Prashanth Patil (praspati)
- Re: [pcp] PANA misconceptions (was Re: CONSENSUS … Alper Yegin
- Re: [pcp] PANA misconceptions (was Re: CONSENSUS … Alper Yegin
- Re: [pcp] PANA misconceptions (was Re: CONSENSUS … Prashanth Patil (praspati)
- Re: [pcp] REQ-14 in PCP Authentication Requiremen… Alper Yegin
- Re: [pcp] Proxy security (was Re: CONSENSUS CALL … yoshihiro.ohba
- Re: [pcp] PANA misconceptions (was Re: CONSENSUS … Rafa Marin Lopez
- Re: [pcp] CONSENSUS CALL on PCP security Tina TSOU
- Re: [pcp] CONSENSUS CALL on PCP security Martija, Ricardo V
- Re: [pcp] CONSENSUS CALL on PCP security Dave Thaler
- Re: [pcp] CONSENSUS CALL on PCP security Margaret Wasserman
- Re: [pcp] CONSENSUS CALL on PCP security Stuart Cheshire
- Re: [pcp] CONSENSUS CALL on PCP security yoshihiro.ohba
- Re: [pcp] CONSENSUS CALL on PCP security Subir Das
- Re: [pcp] CONSENSUS CALL on PCP security Ted Lemon
- Re: [pcp] CONSENSUS CALL on PCP security Alper Yegin
- Re: [pcp] CONSENSUS CALL on PCP security Rafa Marin Lopez
- Re: [pcp] CONSENSUS CALL on PCP security yoshihiro.ohba
- Re: [pcp] CONSENSUS CALL on PCP security Pedro Moreno Sánchez
- Re: [pcp] CONSENSUS CALL on PCP security Ted Lemon
- Re: [pcp] CONSENSUS CALL on PCP security Ted Lemon
- Re: [pcp] CONSENSUS CALL on PCP security Alan DeKok
- Re: [pcp] CONSENSUS CALL on PCP security Alan DeKok
- Re: [pcp] CONSENSUS CALL on PCP security Alan DeKok
- Re: [pcp] CONSENSUS CALL on PCP security Dacheng Zhang
- Re: [pcp] CONSENSUS CALL on PCP security Alper Yegin
- Re: [pcp] CONSENSUS CALL on PCP security Alper Yegin
- Re: [pcp] CONSENSUS CALL on PCP security Alper Yegin
- Re: [pcp] CONSENSUS CALL on PCP security Ted Lemon
- Re: [pcp] CONSENSUS CALL on PCP security Alper Yegin
- Re: [pcp] CONSENSUS CALL on PCP security Margaret Wasserman
- Re: [pcp] CONSENSUS CALL on PCP security Margaret Wasserman
- Re: [pcp] CONSENSUS CALL on PCP security Tassos Chatzithomaoglou
- Re: [pcp] CONSENSUS CALL on PCP security Subir Das
- Re: [pcp] CONSENSUS CALL on PCP security yoshihiro.ohba
- Re: [pcp] CONSENSUS CALL on PCP security Alan DeKok
- Re: [pcp] CONSENSUS CALL on PCP security Alper Yegin
- Re: [pcp] CONSENSUS CALL on PCP security Alper Yegin
- Re: [pcp] CONSENSUS CALL on PCP security Alan DeKok
- Re: [pcp] CONSENSUS CALL on PCP security Alan DeKok
- Re: [pcp] CONSENSUS CALL on PCP security Margaret Wasserman
- Re: [pcp] CONSENSUS CALL on PCP security Margaret Wasserman
- Re: [pcp] CONSENSUS CALL on PCP security Subir Das
- Re: [pcp] CONSENSUS CALL on PCP security Margaret Wasserman
- Re: [pcp] CONSENSUS CALL on PCP security Pedro Moreno Sánchez
- Re: [pcp] CONSENSUS CALL on PCP security Alper Yegin
- Re: [pcp] CONSENSUS CALL on PCP security Alper Yegin
- Re: [pcp] CONSENSUS CALL on PCP security Margaret Wasserman
- Re: [pcp] CONSENSUS CALL on PCP security Tassos Chatzithomaoglou
- Re: [pcp] CONSENSUS CALL on PCP security Alper Yegin
- Re: [pcp] CONSENSUS CALL on PCP security Dave Thaler
- Re: [pcp] CONSENSUS CALL on PCP security Tassos Chatzithomaoglou
- Re: [pcp] CONSENSUS CALL on PCP security Alper Yegin
- Re: [pcp] CONSENSUS CALL on PCP security Alper Yegin
- Re: [pcp] CONSENSUS CALL on PCP security Margaret Wasserman
- Re: [pcp] PANA misconceptions (was Re: CONSENSUS … Ben McCann
- Re: [pcp] PANA misconceptions (was Re: CONSENSUS … yoshihiro.ohba