IETF Logo Mail Archive

Re: [pcp] Comparison of PCP authentication

Yoshihiro Ohba <yoshihiro.ohba@toshiba.co.jp> Thu, 16 August 2012 03:41 UTC

Return-Path: <yoshihiro.ohba@toshiba.co.jp>
X-Original-To: pcp@ietfa.amsl.com
Delivered-To: pcp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B621A11E80EC for <pcp@ietfa.amsl.com>; Wed, 15 Aug 2012 20:41:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.624
X-Spam-Level:
X-Spam-Status: No, score=-3.624 tagged_above=-999 required=5 tests=[AWL=0.465, BAYES_00=-2.599, HELO_EQ_JP=1.244, HOST_EQ_JP=1.265, RCVD_IN_DNSWL_MED=-4, UNPARSEABLE_RELAY=0.001]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JsmyQCBuXd3f for <pcp@ietfa.amsl.com>; Wed, 15 Aug 2012 20:41:41 -0700 (PDT)
Received: from imx2.toshiba.co.jp (inet-tsb5.toshiba.co.jp [202.33.96.24]) by ietfa.amsl.com (Postfix) with ESMTP id B876D11E80E7 for <pcp@ietf.org>; Wed, 15 Aug 2012 20:41:37 -0700 (PDT)
Received: from arc1.toshiba.co.jp ([133.199.194.235]) by imx2.toshiba.co.jp with ESMTP id q7G3faqL016465 for <pcp@ietf.org>; Thu, 16 Aug 2012 12:41:36 +0900 (JST)
Received: (from root@localhost) by arc1.toshiba.co.jp id q7G3fZdT021000 for pcp@ietf.org; Thu, 16 Aug 2012 12:41:35 +0900 (JST)
Received: from unknown [133.199.192.144] by arc1.toshiba.co.jp with ESMTP id NAA20996; Thu, 16 Aug 2012 12:41:35 +0900
Received: from mx.toshiba.co.jp (localhost [127.0.0.1]) by ovp2.toshiba.co.jp with ESMTP id q7G3fZZ7004611 for <pcp@ietf.org>; Thu, 16 Aug 2012 12:41:35 +0900 (JST)
Received: from tsbpoa.po.toshiba.co.jp by toshiba.co.jp id q7G3fZQ7022307; Thu, 16 Aug 2012 12:41:35 +0900 (JST)
Received: from [133.196.20.119] by mail.po.toshiba.co.jp (Sun Java System Messaging Server 6.1 HotFix 0.05 (built Oct 21 2004)) with ESMTPA id <0M8T008MSWXBK140@mail.po.toshiba.co.jp> for pcp@ietf.org; Thu, 16 Aug 2012 12:41:35 +0900 (JST)
Date: Thu, 16 Aug 2012 12:41:36 +0900
From: Yoshihiro Ohba <yoshihiro.ohba@toshiba.co.jp>
In-reply-to: <C72CBD9FE3CA604887B1B3F1D145D05E2CE756EE@szxeml528-mbs.china.huawei.com>
To: pcp@ietf.org
Message-id: <502C6BF0.3030400@toshiba.co.jp>
MIME-version: 1.0
Content-type: text/plain; charset="ISO-2022-JP"
Content-transfer-encoding: 7bit
References: <9B57C850BB53634CACEC56EF4853FF653B6EC381@TK5EX14MBXW604.wingroup.windeploy.ntdev.microsoft.com> <7FE144CF-00E3-4451-8CBE-A6A684DB7CC4@yegin.org> <067d01cd73fd$765a6c50$630f44f0$@com> <D6D2DEED-C35A-45AB-8B72-96195C308DB9@yegin.org> <57FF0F8E-1B86-410F-8B6B-C4893A28222F@lilacglade.org> <BB72B80F-0622-4A5B-A985-79D8AED13E0B@apple.com> <003b01cd7587$a111b760$e3352620$@com> <15990E87-2D59-49B1-845C-2A4CB5A1FBD6@lilacglade.org> <008801cd758f$3fd306e0$bf7914a0$@com> <C72CBD9FE3CA604887B1B3F1D145D05E2CE65225@szxeml528-mbx.china.huawei.com> <028801cd75d6$c5765490$5062fdb0$@com> <tsla9y4gptp.fsf@mit.edu> <04c901cd7658$37a740c0$a6f5c240$@com> <tslboikexlv.fsf@mit.edu> <054001cd765d$54c0f3e0$fe42dba0$@com> <0F259BA1-CEFF-4346-AFE5-3D33BB0CF0CC@lilacglade.org> <C72CBD9FE3CA604887B1B3F1D145D05E2CE756EE@szxeml528-mbs.china.huawei.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:14.0) Gecko/20120713 Thunderbird/14.0
Subject: Re: [pcp] Comparison of PCP authentication
X-BeenThere: pcp@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: PCP wg discussion list <pcp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pcp>, <mailto:pcp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/pcp>
List-Post: <mailto:pcp@ietf.org>
List-Help: <mailto:pcp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pcp>, <mailto:pcp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Aug 2012 03:41:41 -0000

Here is a brief comparison on both PANA-based schemes:

Encapsulation/tunneling approach:
- Pros: No impact on PANA specification
- Cons: Encapsulation overhead

Demultiplexing/port-sharing approach:
- Pros: No encapsulation overhead
- Cons: Impact on PANA specification (an Update of RFC 5191 is needed
on the use of "Reserved" field.)

Hope this helps,
Yoshihiro Ohba

(2012/08/16 11:47), Zhangdacheng (Dacheng) wrote:
> Have we got any conclusions on two approaches?  Or we can just support 
> the two options in the draft for the moment and briefly compare their 
> pros and cons, can we?
> 
> Cheers
> 
> Dcheng
> 
> *From:*pcp-bounces@ietf.org [mailto:pcp-bounces@ietf.org] *On Behalf 
> Of *Margaret Wasserman
> *Sent:* Friday, August 10, 2012 3:21 AM
> *To:* Dan Wing
> *Cc:* pcp@ietf.org
> *Subject:* Re: [pcp] Comparison of PCP authentication
> 
> On Aug 9, 2012, at 2:32 PM, Dan Wing wrote:
> 
>         If I'm updating security policy on a firewall I want to be able to
> 
>         audit whether that actually happened.  That requires
>         authentication.
> 
> 
>     You are saying a PCP client would only want to update firewall
>     policies
>     if the PCP server supports authentication, otherwise it would tell the
>     user that it cannot enable the webcam, Internet-connected NAS,
>     Internet-connected printer, etc.?
> 
> I wont presume to guess what Sam is thinking...
> 
> However, I am thinking that there will be some clients  that are 
> configured to perform authentication for every request.  For example, 
> there is no reason for a PCP proxy, running in an environment where 
> authentication is required to do a THIRD-PARTY request, to perform a 
> useless round-trip for every THIRD-PARTY request it issues.
> 
> Margaret
> 
> 
> 
> _______________________________________________
> pcp mailing list
> pcp@ietf.org
> https://www.ietf.org/mailman/listinfo/pcp
>

v2.23.0 | Report a Bug | By Email