Re: [pcp] PANA implementations to consider
Margaret Wasserman <margaretw42@gmail.com> Fri, 14 September 2012 14:54 UTC
On Sep 14, 2012, at 9:38 AM, Alper Yegin wrote:

>> How does this work in the case where the PCP Server is not running a PANA Server? I _think_ that if a PCP Client asks its PANA Client to perform authentication, and the PCP Server does support authentication, some sort of "unsupported version" error code will be returned to the _PCP Client_ (due to the details of your proposed demultiplexing scheme), and that nothing will be returned to the PANA Client, at all. We would need to make sure that secure PCP clients are specified to handle an "unsupported version" error differently when the PANA Client is in this particular state, but how does the PCP Client know that this is why that error was returned? If this does happen, how does the PCP client inform the PANA Client that it should stop trying to perform authentication with that particular PCP Server?
>>
>
> I'd like to first understand how the client-side decides when to use authentication, and when not to?
> Can you, or someone, explain that? Once I understand the scenarios we are trying to cover, I can come back and answer your question.

There are two cases we have considered where PCP clients may send authenticated PCP requests:

(1) Cases where the client sends an unauthenticated request and is told that authentication is required, so it retries with an authenticated request.

(2) Cases where the client initially attempts to send an authenticated request.

In the first case, the PCP Server will (we hope :-)) not return the "authentication required" error if it doesn't actually support authentication. But, in the second case, a client may try to send an authenticated request to a PCP Server that does not support authentication. Obviously, an error will result, but we want to be certain that the error can be properly detected and returned to the user, so that the user can understand what went wrong.

Margaret