IETF Logo Mail Archive

Re: [pcp] CONSENSUS CALL on PCP security

Alper Yegin <alper.yegin@yegin.org> Tue, 16 July 2013 20:01 UTC

Return-Path: <alper.yegin@yegin.org>
X-Original-To: pcp@ietfa.amsl.com
Delivered-To: pcp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A130A21F9DCF for <pcp@ietfa.amsl.com>; Tue, 16 Jul 2013 13:01:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.45
X-Spam-Level:
X-Spam-Status: No, score=-102.45 tagged_above=-999 required=5 tests=[AWL=0.149, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vMN4JQzP9ssx for <pcp@ietfa.amsl.com>; Tue, 16 Jul 2013 13:01:19 -0700 (PDT)
Received: from mout.perfora.net (mout.perfora.net [74.208.4.195]) by ietfa.amsl.com (Postfix) with ESMTP id 9512221F9D66 for <pcp@ietf.org>; Tue, 16 Jul 2013 13:01:18 -0700 (PDT)
Received: from [192.168.2.49] (88.247.135.202.static.ttnet.com.tr [88.247.135.202]) by mrelay.perfora.net (node=mrus4) with ESMTP (Nemesis) id 0M4nkT-1UDZ6508yr-00zMrz; Tue, 16 Jul 2013 16:01:09 -0400
Mime-Version: 1.0 (Apple Message framework v1283)
Content-Type: text/plain; charset="us-ascii"
From: Alper Yegin <alper.yegin@yegin.org>
In-Reply-To: <a9f43a37e6fb4a11a05a66fb75182604@BY2PR03MB269.namprd03.prod.outlook.com>
Date: Tue, 16 Jul 2013 23:01:07 +0300
Content-Transfer-Encoding: quoted-printable
Message-Id: <1A7721F2-825C-412C-A0A8-A7D0A149E3FC@yegin.org>
References: <c91bb8469abe4b079e46454e022546e6@BY2PR03MB269.namprd03.prod.outlook.com> <913383AAA69FF945B8F946018B75898A14B9AE60@xmb-rcd-x10.cisco.com> <a9f43a37e6fb4a11a05a66fb75182604@BY2PR03MB269.namprd03.prod.outlook.com>
To: Dave Thaler <dthaler@microsoft.com>
X-Mailer: Apple Mail (2.1283)
X-Provags-ID: V02:K0:PhmWdz3SYRL4aFLJ7/KBg8t3SGjJqwZe+BAieFToYPH 9MYptuLmAfxH1DZYCIT/UQTR2HDF5rxm+lSe58e9PDIVrIUT0f yeBn3YB+AGMcHUK9WN8WIPdVS9mOTd3KNh1pzwdW7FBRVp12cI yGjfsiJtqw7Lt37a38GtF4Qq+W2A+gf21XoeJjl+Gb4FIgEhyQ T9x6vhiAYC9L+UNNrIbKR4HSB4Bnpkls4NRY4hhom8D1t7DaFm prUBOjhen/sUs7z2f+0j6WZXKr85gyQIoqhE1hAy5jobw8jGZp sLmXZ0DyFh1Uig9nVJhMb0G0bvkMOl55KZ6Q56SCCMAq2dYQLm jxUzpwKe4mVw2DwUUAilxdfPzf8MQUxgI7gpe7SaIkfjeKJgJN 6QUhWqoRbdL1g==
Cc: "pcp@ietf.org" <pcp@ietf.org>, "Tirumaleswar Reddy (tireddy)" <tireddy@cisco.com>
Subject: Re: [pcp] CONSENSUS CALL on PCP security
X-BeenThere: pcp@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: PCP wg discussion list <pcp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pcp>, <mailto:pcp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/pcp>
List-Post: <mailto:pcp@ietf.org>
List-Help: <mailto:pcp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pcp>, <mailto:pcp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Jul 2013 20:01:23 -0000

Dave,

Last time we conducted this polling, the two pana-based solutions were asked separately.
Based on the discussions and the result of the poll, I realized some people preferred one PANA solution over the other, with possibly varying preference with respect to the EAP-o-PCP solution.
Bundling them up as one option is not a good idea.
So, I suggest we pose them as separate questions (like we did last time). After all, they are technically different.

One other thing: 

I'm not sure if enough thought went into the PCP Proxy security. As much as I'd love to be DONE! with this discussion, I also want to make sure people feel comfortable having thought all aspects around the proxy use. For (very important) example, what kind of security associations are needed for securing the proxy use: An SA btw client and server, an SA btw client and proxy, an SA btw proxy and server -- which combinations of these are needed? Then we need to talk about how we dynamically create those using any one of these solutions.

Alper





On Jul 16, 2013, at 7:50 PM, Dave Thaler wrote:

>> -----Original Message-----
>> From: Tirumaleswar Reddy (tireddy) [mailto:tireddy@cisco.com]
>> Sent: Monday, July 15, 2013 10:51 PM
>> To: Dave Thaler; pcp@ietf.org
>> Subject: RE: [pcp] CONSENSUS CALL on PCP security
>> 
>> Hi Dave,
>> 
>> In the poll when you refer to PANA, please clarify the draft you are referring
>> to http://tools.ietf.org/html/draft-ohba-pcp-pana-04 or
>> http://tools.ietf.org/html/draft-ohba-pcp-pana-encap-01 ?
>> 
>> --Tiru.
> 
> The question is intentionally agnostic as this is about a general approach,
> not which specific implementation.  If it helps, you can interpret the
> answer as "which of the two you think is better".
> 
> If the consensus is PANA rather than direct EAP-in-PCP, then we could 
> ask as a follow-up question which of the two we should go with. If
> you'd like to include your answer to that now though, feel free to
> include that in your response to the call.
> 
> -Dave
> 
> 
> 
> _______________________________________________
> pcp mailing list
> pcp@ietf.org
> https://www.ietf.org/mailman/listinfo/pcp

v2.23.0 | Report a Bug | By Email