[pcp] Authentication: how do we make a decision about the approach
Sam Hartman <hartmans@painless-security.com> Fri, 18 January 2013 19:24 UTC
From: Sam Hartman <hartmans@painless-security.com>
To: pcp@ietf.org
Date: Fri, 18 Jan 2013 14:24:07 -0500
Message-ID: <tslhamepa5k.fsf@mit.edu>
I for one don't really know how to get the working group more information on which to make a decision about which authentication approach to choose.

We all seem to agree that it's possible to specify PCP-based security with any of the PANA approaches or simply by creating an EAP lower layer. Stuart, Alan, myself and a few others have said they believe the EAP lower layer approach will be easier to implement. Alper, Yoshi and a few others have indicated they favor PANA.

The sense of the room roughly favored an EAP specific approach in Atlanta, but I'm not sure the chairs felt comfortable calling it a rough consensus of the room. When we asked the same question earlier, we got a different result. Of course we've explored the issues more. That was before I looked at various implementation strategies and before we had the architectural discussion.

So, what now?

For myself, the discussions have strengthened my opinion that we'd be better off defining an EAP lower layer for all the reasons that we've discussed. So I rather strongly prefer that approach, and will argue for that position until the consensus call is made.

However, I'm in this discussion to work on PCP security. If I end up in the rough on this issue, I'll contribute to the PANA approach and would be able and willing to contribute heavily to documents in that space. Sure, I'd like to see the approach I think best be chosen, but more important is providing a quality security solution for PCP.