Re: [pcp] Comparison of PCP authentication

Alper Yegin <alper.yegin@yegin.org> Fri, 17 August 2012 08:09 UTC

Return-Path: <alper.yegin@yegin.org>
X-Original-To: pcp@ietfa.amsl.com
Delivered-To: pcp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0231D21F853E for <pcp@ietfa.amsl.com>; Fri, 17 Aug 2012 01:09:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.523
X-Spam-Level:
X-Spam-Status: No, score=-102.523 tagged_above=-999 required=5 tests=[AWL=0.075, BAYES_00=-2.599, HTML_MESSAGE=0.001, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id E-UIi2bKLeAY for <pcp@ietfa.amsl.com>; Fri, 17 Aug 2012 01:09:25 -0700 (PDT)
Received: from mout.perfora.net (mout.perfora.net [74.208.4.195]) by ietfa.amsl.com (Postfix) with ESMTP id 3239C21F853A for <pcp@ietf.org>; Fri, 17 Aug 2012 01:09:25 -0700 (PDT)
Received: from [192.168.2.4] (88.247.135.202.static.ttnet.com.tr [88.247.135.202]) by mrelay.perfora.net (node=mrus2) with ESMTP (Nemesis) id 0MWCQ5-1TCsbv1LoH-00Xzpz; Fri, 17 Aug 2012 04:09:23 -0400
Mime-Version: 1.0 (Apple Message framework v1278)
Content-Type: multipart/alternative; boundary="Apple-Mail=_A3E9F3D3-F6AD-4FD8-B446-269EE669320F"
From: Alper Yegin <alper.yegin@yegin.org>
In-Reply-To: <2340495D-0811-42DD-B0D3-636499A0D802@lilacglade.org>
Date: Fri, 17 Aug 2012 11:09:03 +0300
Message-Id: <17F2DC3F-3DAF-452C-B0FE-3337FDEE4118@yegin.org>
References: <9B57C850BB53634CACEC56EF4853FF653B6EC381@TK5EX14MBXW604.wingroup.windeploy.ntdev.microsoft.com> <7FE144CF-00E3-4451-8CBE-A6A684DB7CC4@yegin.org> <067d01cd73fd$765a6c50$630f44f0$@com> <D6D2DEED-C35A-45AB-8B72-96195C308DB9@yegin.org> <57FF0F8E-1B86-410F-8B6B-C4893A28222F@lilacglade.org> <BB72B80F-0622-4A5B-A985-79D8AED13E0B@apple.com> <003b01cd7587$a111b760$e3352620$@com> <15990E87-2D59-49B1-845C-2A4CB5A1FBD6@lilacglade.org> <008801cd758f$3fd306e0$bf7914a0$@com> <C72CBD9FE3CA604887B1B3F1D145D05E2CE65225@szxeml528-mbx.china.huawei.com> <028801cd75d6$c5765490$5062fdb0$@com> <tsla9y4gptp.fsf@mit.edu> <04c901cd7658$37a740c0$a6f5c240$@com> <tslboikexlv.fsf@mit.edu> <054001cd765d$54c0f3e0$fe42dba0$@com> <0F259BA1-CEFF-4346-AFE5-3D33BB0CF0CC@lilacglade.org> <C72CBD9FE3CA604887B1B3F1D145D05E2CE756EE@szxeml528-mbs.china.huawei.com> <2340495D-0811-42DD-B0D3-636499A0D802@lilacglade.org>
To: Margaret Wasserman <margaretw42@gmail.com>
X-Mailer: Apple Mail (2.1278)
X-Provags-ID: V02:K0:mOUKcGyr2qVpvGdq3LlJf/7qtl/IH6jGDvKY8S8+UAN gQutZEfW+7S2yauwYbc/Cwt6PUnaH76mgwIWxIDE+2kTjBnT/q 2E8OS46dxR2q903eqq07ASzRizie0Nso3EjWJhsRfNdlty3qkT jVUzYoFNivscBOF806oJmytcKMHNeh7b0q06AzCdCC2X0Nmn3Z ASi/+scEhW/HiegKpraqLPSZqWpbLSq0PrUujCJZYjIoklQBD1 xtPMdu+HR9IHhbuUr3OHJsdSfrN6mTfp1b5IhqUE/ye71iM92B dvcmLxs4mPoRGHNsNbTCyiUmEL/Ley34F0KwINSfigMcHl7/9u uO4BkIsAvhTuDlrxjp7Hn6kBJ6+z8vpsjmoXkiHRwBAQYP5PU3 Bw3pq93DWhv3w==
Cc: pcp@ietf.org
Subject: Re: [pcp] Comparison of PCP authentication
X-BeenThere: pcp@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: PCP wg discussion list <pcp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pcp>, <mailto:pcp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/pcp>
List-Post: <mailto:pcp@ietf.org>
List-Help: <mailto:pcp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pcp>, <mailto:pcp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 17 Aug 2012 08:09:26 -0000

On Aug 16, 2012, at 2:38 PM, Margaret Wasserman wrote:

> 
> 
> Hi Dacheng,
> 
> The conclusion from the meeting was that we will document all three approaches in our document:
> 

Could the chairs please declare what the meeting conclusions and next steps are.

Thanks.

Alper




> - PCP Specific
> - PANA Encapsulated in PCP
> - PANA Demultiplexed with PCP on the same port
> 
> Then, we will have an interim PCP conference call to discuss the trade-offs and hopefully decide between them.
> 
> Margaret
> 
> 
> 
> On Aug 15, 2012, at 10:47 PM, Zhangdacheng (Dacheng) wrote:
> 
>> Have we got any conclusions on two approaches?  Or we can just support the two options in the draft for the moment and briefly compare their pros and cons, can we?
>>  
>> Cheers
>>  
>> Dcheng
>>  
>> From: pcp-bounces@ietf.org [mailto:pcp-bounces@ietf.org] On Behalf Of Margaret Wasserman
>> Sent: Friday, August 10, 2012 3:21 AM
>> To: Dan Wing
>> Cc: pcp@ietf.org
>> Subject: Re: [pcp] Comparison of PCP authentication
>>  
>>  
>> On Aug 9, 2012, at 2:32 PM, Dan Wing wrote:
>>  
>> If I'm updating security policy on a firewall I want to be able to
>> audit whether that actually happened.  That requires authentication.
>> 
>> You are saying a PCP client would only want to update firewall policies 
>> if the PCP server supports authentication, otherwise it would tell the
>> user that it cannot enable the webcam, Internet-connected NAS, 
>> Internet-connected printer, etc.?
>>  
>> I wont presume to guess what Sam is thinking...
>>  
>> However, I am thinking that there will be some clients  that are configured to perform authentication for every request.  For example, there is no reason for a PCP proxy, running in an environment where authentication is required to do a THIRD-PARTY request, to perform a useless round-trip for every THIRD-PARTY request it issues.  
>>  
>> Margaret
>>  
>>  
> 
> _______________________________________________
> pcp mailing list
> pcp@ietf.org
> https://www.ietf.org/mailman/listinfo/pcp