[pcp] Stephen Farrell's Discuss on draft-ietf-pcp-authentication-13: (with DISCUSS and COMMENT)
"Stephen Farrell" <stephen.farrell@cs.tcd.ie> Thu, 09 July 2015 14:48 UTC
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: pcp@ietfa.amsl.com
Delivered-To: pcp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 59BD41B2A22; Thu, 9 Jul 2015 07:48:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zKsieNlYrDQ1; Thu, 9 Jul 2015 07:48:06 -0700 (PDT)
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 0AF721B2A1F; Thu, 9 Jul 2015 07:48:06 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
To: The IESG <iesg@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 6.0.4.p3
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <20150709144806.3500.46973.idtracker@ietfa.amsl.com>
Date: Thu, 09 Jul 2015 07:48:06 -0700
Archived-At: <http://mailarchive.ietf.org/arch/msg/pcp/WPEzwcF-blayKmqKHrI5spLLm2w>
Cc: pcp@ietf.org
Subject: [pcp] Stephen Farrell's Discuss on draft-ietf-pcp-authentication-13: (with DISCUSS and COMMENT)
X-BeenThere: pcp@ietf.org
X-Mailman-Version: 2.1.15
List-Id: PCP wg discussion list <pcp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pcp>, <mailto:pcp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/pcp/>
List-Post: <mailto:pcp@ietf.org>
List-Help: <mailto:pcp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pcp>, <mailto:pcp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 09 Jul 2015 14:48:07 -0000
Stephen Farrell has entered the following ballot position for draft-ietf-pcp-authentication-13: Discuss When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-pcp-authentication/ ---------------------------------------------------------------------- DISCUSS: ---------------------------------------------------------------------- - Why didn't you choose to encrypt the PCP payloads after you've got a shared secret? ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- Thanks for getting this done. - How would this work in a home network where the f/w is not managed by the ISP and there'd otherwise be no EAP infrastructure? That could be out-of-scope or require some new/odd EAP implementation and no change to this protocol, and that is probably fine, but I do wonder. - 3.3: Is this really needed? I wonder if we could do without it. The protocol would be simpler if this wasn't needed and simpler == more-secure in general. - 5.11: would s/issued the credentials/issued the EAP credentials that will be used to authenticate the client/ be better? As-is, it's a tiny bit confusing maybe. - 6.2: Maybe this is being overly paranoid, but would it be worth saying that in all failure cases when you say discard the message, you mean to not process it's content? With a very perverse reading of the current text, I might be able to argue that I could process the message content first and only then check the authentication afterwards. Yes, that'd be fairly spectacularly dim, but that kind of thing does sometimes happen. (If there's a better place in the draft to put some text on that, that's just fine.)
- [pcp] Stephen Farrell's Discuss on draft-ietf-pcp… Stephen Farrell