IETF Logo Mail Archive

Re: [pcp] Comparison of PCP authentication

"Zhangdacheng (Dacheng)" <zhangdacheng@huawei.com> Thu, 16 August 2012 02:50 UTC

Return-Path: <zhangdacheng@huawei.com>
X-Original-To: pcp@ietfa.amsl.com
Delivered-To: pcp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5AA2221F84C4 for <pcp@ietfa.amsl.com>; Wed, 15 Aug 2012 19:50:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.77
X-Spam-Level:
X-Spam-Status: No, score=-5.77 tagged_above=-999 required=5 tests=[AWL=0.828, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MoL+YY1Afs35 for <pcp@ietfa.amsl.com>; Wed, 15 Aug 2012 19:50:45 -0700 (PDT)
Received: from dfwrgout.huawei.com (dfwrgout.huawei.com [206.16.17.72]) by ietfa.amsl.com (Postfix) with ESMTP id BB92821F8491 for <pcp@ietf.org>; Wed, 15 Aug 2012 19:50:26 -0700 (PDT)
Received: from 172.18.9.243 (EHLO dfweml201-edg.china.huawei.com) ([172.18.9.243]) by dfwrg01-dlp.huawei.com (MOS 4.3.5-GA FastPath) with ESMTP id AJL38439; Wed, 15 Aug 2012 18:50:26 -0800 (PST)
Received: from DFWEML403-HUB.china.huawei.com (10.193.5.151) by dfweml201-edg.china.huawei.com (172.18.9.107) with Microsoft SMTP Server (TLS) id 14.1.323.3; Wed, 15 Aug 2012 19:47:21 -0700
Received: from SZXEML405-HUB.china.huawei.com (10.82.67.60) by dfweml403-hub.china.huawei.com (10.193.5.151) with Microsoft SMTP Server (TLS) id 14.1.323.3; Wed, 15 Aug 2012 19:47:25 -0700
Received: from SZXEML528-MBS.china.huawei.com ([169.254.5.24]) by szxeml405-hub.china.huawei.com ([::1]) with mapi id 14.01.0323.003; Thu, 16 Aug 2012 10:47:17 +0800
From: "Zhangdacheng (Dacheng)" <zhangdacheng@huawei.com>
To: Margaret Wasserman <mrw@lilacglade.org>, Dan Wing <dwing@cisco.com>
Thread-Topic: [pcp] Comparison of PCP authentication
Thread-Index: Ac12W6ER1F5Ai0qa4kawmCOKzP6BvgAAVNUQ//+IUID/9Zu6kA==
Date: Thu, 16 Aug 2012 02:47:16 +0000
Message-ID: <C72CBD9FE3CA604887B1B3F1D145D05E2CE756EE@szxeml528-mbs.china.huawei.com>
References: <9B57C850BB53634CACEC56EF4853FF653B6EC381@TK5EX14MBXW604.wingroup.windeploy.ntdev.microsoft.com> <7FE144CF-00E3-4451-8CBE-A6A684DB7CC4@yegin.org> <067d01cd73fd$765a6c50$630f44f0$@com> <D6D2DEED-C35A-45AB-8B72-96195C308DB9@yegin.org> <57FF0F8E-1B86-410F-8B6B-C4893A28222F@lilacglade.org> <BB72B80F-0622-4A5B-A985-79D8AED13E0B@apple.com> <003b01cd7587$a111b760$e3352620$@com> <15990E87-2D59-49B1-845C-2A4CB5A1FBD6@lilacglade.org> <008801cd758f$3fd306e0$bf7914a0$@com> <C72CBD9FE3CA604887B1B3F1D145D05E2CE65225@szxeml528-mbx.china.huawei.com> <028801cd75d6$c5765490$5062fdb0$@com> <tsla9y4gptp.fsf@mit.edu> <04c901cd7658$37a740c0$a6f5c240$@com> <tslboikexlv.fsf@mit.edu> <054001cd765d$54c0f3e0$fe42dba0$@com> <0F259BA1-CEFF-4346-AFE5-3D33BB0CF0CC@lilacglade.org>
In-Reply-To: <0F259BA1-CEFF-4346-AFE5-3D33BB0CF0CC@lilacglade.org>
Accept-Language: zh-CN, en-US
Content-Language: zh-CN
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.111.99.49]
Content-Type: multipart/alternative; boundary="_000_C72CBD9FE3CA604887B1B3F1D145D05E2CE756EEszxeml528mbschi_"
MIME-Version: 1.0
X-CFilter-Loop: Reflected
Cc: "pcp@ietf.org" <pcp@ietf.org>
Subject: Re: [pcp] Comparison of PCP authentication
X-BeenThere: pcp@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: PCP wg discussion list <pcp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pcp>, <mailto:pcp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/pcp>
List-Post: <mailto:pcp@ietf.org>
List-Help: <mailto:pcp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pcp>, <mailto:pcp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Aug 2012 02:50:46 -0000

Have we got any conclusions on two approaches?  Or we can just support the two options in the draft for the moment and briefly compare their pros and cons, can we?

Cheers

Dcheng

From: pcp-bounces@ietf.org [mailto:pcp-bounces@ietf.org] On Behalf Of Margaret Wasserman
Sent: Friday, August 10, 2012 3:21 AM
To: Dan Wing
Cc: pcp@ietf.org
Subject: Re: [pcp] Comparison of PCP authentication


On Aug 9, 2012, at 2:32 PM, Dan Wing wrote:

If I'm updating security policy on a firewall I want to be able to
audit whether that actually happened.  That requires authentication.

You are saying a PCP client would only want to update firewall policies
if the PCP server supports authentication, otherwise it would tell the
user that it cannot enable the webcam, Internet-connected NAS,
Internet-connected printer, etc.?

I wont presume to guess what Sam is thinking...

However, I am thinking that there will be some clients  that are configured to perform authentication for every request.  For example, there is no reason for a PCP proxy, running in an environment where authentication is required to do a THIRD-PARTY request, to perform a useless round-trip for every THIRD-PARTY request it issues.

Margaret

v2.23.0 | Report a Bug | By Email