IETF Logo Mail Archive

Re: [pcp] Comparison of PCP authentication

Margaret Wasserman <margaretw42@gmail.com> Thu, 16 August 2012 11:38 UTC

Return-Path: <margaretw42@gmail.com>
X-Original-To: pcp@ietfa.amsl.com
Delivered-To: pcp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A3D9A21F85ED for <pcp@ietfa.amsl.com>; Thu, 16 Aug 2012 04:38:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.599
X-Spam-Level:
X-Spam-Status: No, score=-3.599 tagged_above=-999 required=5 tests=[AWL=-0.001, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5M1m-MNJxUZY for <pcp@ietfa.amsl.com>; Thu, 16 Aug 2012 04:38:37 -0700 (PDT)
Received: from mail-qc0-f172.google.com (mail-qc0-f172.google.com [209.85.216.172]) by ietfa.amsl.com (Postfix) with ESMTP id CEF2221F85DF for <pcp@ietf.org>; Thu, 16 Aug 2012 04:38:36 -0700 (PDT)
Received: by qcac10 with SMTP id c10so2224522qca.31 for <pcp@ietf.org>; Thu, 16 Aug 2012 04:38:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=subject:mime-version:content-type:from:in-reply-to:date:cc :message-id:references:to:x-mailer; bh=GJqBcUv5AT5hjHTYXGkT2lrEA6tdQ+G7FUbPT36DqRg=; b=mjnI5a112Q37tht6m1BDKjX7OvfQiNxEThfFXiZZu/C9Dh5GDzv4RSHnoeIpp8UzCn jPLOpeW+Xl3BFxgs89zC+xopzK1VXH8Rk7Z6lP4kyZM7GA9SOkIpofKf/Vs/+UjPgH59 ZxeMuzPoFDP21tsZyRiYCcVim/cuHtZv79YggtPLaxD9LqqWil9Cqmq5Di1EdHHTyTZ9 uuhU8ObLmetctnfMVI8jF48tyP+qF56uRvP2tUnSxo9QHHiUtI+5c8Czk0dRVo1HfvLW l9lu1hqCdhgRv8gxYfEKEnKgxIJWOddZdDh6OZ8LypQq8vMBHgr1IpfbNKL84anKuSie 0erA==
Received: by 10.224.213.194 with SMTP id gx2mr2473226qab.11.1345117116058; Thu, 16 Aug 2012 04:38:36 -0700 (PDT)
Received: from lilac-too.home (pool-71-184-120-122.bstnma.fios.verizon.net. [71.184.120.122]) by mx.google.com with ESMTPS id s9sm6309530qaa.7.2012.08.16.04.38.31 (version=SSLv3 cipher=OTHER); Thu, 16 Aug 2012 04:38:34 -0700 (PDT)
Mime-Version: 1.0 (Apple Message framework v1084)
Content-Type: multipart/alternative; boundary="Apple-Mail-10--409792648"
From: Margaret Wasserman <margaretw42@gmail.com>
In-Reply-To: <C72CBD9FE3CA604887B1B3F1D145D05E2CE756EE@szxeml528-mbs.china.huawei.com>
Date: Thu, 16 Aug 2012 07:38:30 -0400
Message-Id: <2340495D-0811-42DD-B0D3-636499A0D802@lilacglade.org>
References: <9B57C850BB53634CACEC56EF4853FF653B6EC381@TK5EX14MBXW604.wingroup.windeploy.ntdev.microsoft.com> <7FE144CF-00E3-4451-8CBE-A6A684DB7CC4@yegin.org> <067d01cd73fd$765a6c50$630f44f0$@com> <D6D2DEED-C35A-45AB-8B72-96195C308DB9@yegin.org> <57FF0F8E-1B86-410F-8B6B-C4893A28222F@lilacglade.org> <BB72B80F-0622-4A5B-A985-79D8AED13E0B@apple.com> <003b01cd7587$a111b760$e3352620$@com> <15990E87-2D59-49B1-845C-2A4CB5A1FBD6@lilacglade.org> <008801cd758f$3fd306e0$bf7914a0$@com> <C72CBD9FE3CA604887B1B3F1D145D05E2CE65225@szxeml528-mbx.china.huawei.com> <028801cd75d6$c5765490$5062fdb0$@com> <tsla9y4gptp.fsf@mit.edu> <04c901cd7658$37a740c0$a6f5c240$@com> <tslboikexlv.fsf@mit.edu> <054001cd765d$54c0f3e0$fe42dba0$@com> <0F259BA1-CEFF-4346-AFE5-3D33BB0CF0CC@lilacglade.org> <C72CBD9FE3CA604887B1B3F1D145D05E2CE756EE@szxeml528-mbs.china.huawei.com>
To: "Zhangdacheng (Dacheng)" <zhangdacheng@huawei.com>
X-Mailer: Apple Mail (2.1084)
Cc: pcp@ietf.org
Subject: Re: [pcp] Comparison of PCP authentication
X-BeenThere: pcp@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: PCP wg discussion list <pcp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pcp>, <mailto:pcp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/pcp>
List-Post: <mailto:pcp@ietf.org>
List-Help: <mailto:pcp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pcp>, <mailto:pcp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Aug 2012 11:38:37 -0000


Hi Dacheng,

The conclusion from the meeting was that we will document all three approaches in our document:

- PCP Specific
- PANA Encapsulated in PCP
- PANA Demultiplexed with PCP on the same port

Then, we will have an interim PCP conference call to discuss the trade-offs and hopefully decide between them.

Margaret



On Aug 15, 2012, at 10:47 PM, Zhangdacheng (Dacheng) wrote:

> Have we got any conclusions on two approaches?  Or we can just support the two options in the draft for the moment and briefly compare their pros and cons, can we?
>  
> Cheers
>  
> Dcheng
>  
> From: pcp-bounces@ietf.org [mailto:pcp-bounces@ietf.org] On Behalf Of Margaret Wasserman
> Sent: Friday, August 10, 2012 3:21 AM
> To: Dan Wing
> Cc: pcp@ietf.org
> Subject: Re: [pcp] Comparison of PCP authentication
>  
>  
> On Aug 9, 2012, at 2:32 PM, Dan Wing wrote:
>  
> If I'm updating security policy on a firewall I want to be able to
> audit whether that actually happened.  That requires authentication.
> 
> You are saying a PCP client would only want to update firewall policies 
> if the PCP server supports authentication, otherwise it would tell the
> user that it cannot enable the webcam, Internet-connected NAS, 
> Internet-connected printer, etc.?
>  
> I wont presume to guess what Sam is thinking...
>  
> However, I am thinking that there will be some clients  that are configured to perform authentication for every request.  For example, there is no reason for a PCP proxy, running in an environment where authentication is required to do a THIRD-PARTY request, to perform a useless round-trip for every THIRD-PARTY request it issues.  
>  
> Margaret
>  
>

v2.23.0 | Report a Bug | By Email