Re: [pcp] EAP retransmits and re-authentication

Margaret Wasserman <margaretw42@gmail.com> Thu, 20 September 2012 16:45 UTC

From: Margaret Wasserman <margaretw42@gmail.com>
In-Reply-To: <505B4077.3030802@toshiba.co.jp>
Date: Thu, 20 Sep 2012 12:45:01 -0400
Message-Id: <6CDC61E8-2811-4D44-959E-0F01BEA5C7EF@lilacglade.org>
References: <14C7F4F06DB5814AB0DE29716C4F6D6702E12ABC28@FRMRSSXCHMBSB1.dc-m.alcatel-lucent.com> <CB96F2AF-7545-457D-96EB-F78B7666C00C@yegin.org> <tsl1ui0wvmo.fsf_-_@mit.edu> <E91C9554-FBCF-4324-A1BF-5C4D75F5264A@yegin.org> <9A2322BB-699A-4A71-89D5-9E3E48979272@yegin.org> <tslvcfbscqm.fsf_-_@mit.edu> <20FE79EA-9E75-49E7-9854-4AA24314FC7B@yegin.org> <tslipbap18s.fsf@mit.edu> <09E52F80-2292-42CB-9833-957D16DCF2AB@yegin.org> <tsl392clv10.fsf_-_@mit.edu> <505B35E4.5020108@toshiba.co.jp> <tslfw6ciuan.fsf@mit.edu> <505B4077.3030802@toshiba.co.jp>
To: Yoshihiro Ohba <yoshihiro.ohba@toshiba.co.jp>
Cc: pcp@ietf.org

On Sep 20, 2012, at 12:12 PM, Yoshihiro Ohba wrote:
>> Actually, I didn't propose a change; I simply pointed out that you can
>> do it either way depending on what is easiest for PCP implementations;
>> we should pick, but what we pick should be based on the needs of the PCP
>> community.
> 
> I would rather consider this as the major disadvantage of tight
> coupling EAP and PCP.  It is much easier to run PANA and PCP
> side-by-side which achieves loose coupling of EAP and PCP.

The problem is that running PCP and PANA side-by-side doesn't really change anything...

Either we change PCP to have a notion of a "session" that is associated with every mapping, and to understand that external events can cause an asynchronous event of some sort that invalidates all of those mappings, or we don't...

I greatly prefer a model where a client is authenticated and authorized to create a mapping, at the time that the mapping is created, and there is no presumption that the mapping is tied to any sort of ongoing client authentication/authorization.

Otherwise, I suppose we could _claim_ to support re-authentication, but what does it mean if PANA performs re-authentication and there is no meaningful way to communicate a re-authentication success, or more importantly perhaps, a re-authentication failure to PCP?

How are you imagining this would work in the side-by-side case -- re-authentication occurs, and then what?

Margaret