Re: [pcp] About selecting a key management for PCP

"Tirumaleswar Reddy (tireddy)" <tireddy@cisco.com> Thu, 02 August 2012 23:09 UTC

From: "Tirumaleswar Reddy (tireddy)" <tireddy@cisco.com>
To: Alper Yegin <alper.yegin@yegin.org>, Zhangdacheng <zhangdacheng@huawei.com>
Date: Thu, 02 Aug 2012 23:09:41 +0000
Cc: Margaret Wasserman <mrw@painless-security.com>, "pcp@ietf.org" <pcp@ietf.org>
Subject: Re: [pcp] About selecting a key management for PCP

Hi -

These are a couple of questions I had raised in the meeting:

1) Let's say the application is using both STUN and PCP. In STUN it can use long-term credentials to generate a key (RFC 5389 section 15.4).
This brings in the complexity of using two different mechanisms. Is it possible to make it more flexible?
So that the application can either opt for a long-term credential approach similar to STUN or go with PANA?

2) How will PCP authentication work b/w PCP proxy and PCP server?

--Tiru.

> -----Original Message-----
> From: Alper Yegin [mailto:alper.yegin@yegin.org]
> Sent: Thursday, August 02, 2012 6:32 AM
> To: Zhangdacheng
> Cc: Margaret Wasserman; pcp@ietf.org
> Subject: Re: [pcp] About selecting a key management for PCP
> 
> > an in-band authentication mechanism for PCP (actually a simplified
> > PANA).
> 
> 
> It's not simplified.... It's basically growing PANA (an EAPoUDP
> transport) within PCP. A redundant work that'd result in more
> complexity than keeping two simple protocols separate. This "oh I'll
> just carry EAP over my favorite protocol (e.g., DHCP!), and it'd be
> sooo simple" was tried before and failed miserably.  PCP and its key
> management are two separate issues that deserve two separate protocols
> (similar to IKE and IPsec being separate). I don't see any value in
> cobbling them up, which is more like a PPP-style approach -- all-in-
> one.
> 
> Alper
> 
> 
> 
> On Jul 31, 2012, at 1:50 PM, Zhangdacheng (Dacheng) wrote:
> 
> > Hi, All:
> >
> > We have a discussion about the selection of a key management
> > mechanism for PCP, but there is not a conclusion yet. Basically, people
> > focus on two solutions, using PANA or generating an in-band
> > authentication mechanism for PCP (actually a simplified PANA). Now,
> > there is a new draft draft-ohba-pcp-pana-00, which tries to specify the
> > first one. So, maybe it is the right time to raise this discussion
> > again and decide the key management solution for PCP eventually.
> >
> > Cheers
> >
> > Dacheng