Re: [pcp] Fwd: Comparison of PCP authentication

"Dan Wing" <dwing@cisco.com> Wed, 29 August 2012 15:59 UTC

From: Dan Wing <dwing@cisco.com>
To: 'Subir Das' <subirdas21@gmail.com>, 'Margaret Wasserman' <margaretw42@gmail.com>
Date: Wed, 29 Aug 2012 08:59:11 -0700
Cc: pcp@ietf.org
Subject: Re: [pcp] Fwd: Comparison of PCP authentication

I went to the audio, to try to understand this resistance to analyzing
everything.

The discussion of the three options started at about 77 minutes into the
audio, which is at
http://www.ietf.org/audio/ietf84/ietf84-regencya-20120802-1510-pm2.mp3.  The
audio quality is pretty poor.

I heard:
 1.  separate PCP-dedicated function:  4 hands
 2.  PANA 'tunnel': ? hands (I could not hear)
 3.  PCP/PANA demux: 5 hands
 4.  don't care:  ? hands (I could not hear)

then, after a little more hand-raising, PANA had twice the votes of a
separate PCP-dedicated function.  Alain said the direction is PANA on a
single port.  I then heard myself asking at the microphone that I answered
"don't care" because I lack enough information to decide.  I couldn't hear
Margaret's reply in the audio.


In any event, I am struggling to understand the resistance to analyzing all
three in detail.  Worried a non-PANA solution will win, or the analysis will
take an additional 15 minutes, or what?

-d

> -----Original Message-----
> From: pcp-bounces@ietf.org [mailto:pcp-bounces@ietf.org] On Behalf Of
> Subir Das
> Sent: Wednesday, August 29, 2012 6:27 AM
> To: Margaret Wasserman
> Cc: pcp@ietf.org
> Subject: [pcp] Fwd: Comparison of PCP authentication
> 
> Margaret,
> I realized that I didn't copy my mail to the mailing list.
> 
> Thanks,
> -Subir
> 
> 
> ---------- Forwarded message ----------
> From: Subir Das <subirdas21@gmail.com>
> Date: Fri, Aug 17, 2012 at 8:29 AM
> Subject: Re: [pcp] Comparison of PCP authentication
> To: Margaret Wasserman <margaretw42@gmail.com>
> 
> 
> 
> Hi Margaret,
> My recollection regarding the conclusion was a little different:
> 
> We will discuss the following two PANA-based approaches and then
> decide:
> 
> - PANA Encapsulated in PCP
> - PANA Demultiplexed with PCP on the same port
> 
> The consensus in the room was that the PANA-based approach is preferable
> over the PCP-specific approach. I need to look at the meeting minutes and
> recording though.
> 
> regards,
> _Subir
> 
> On Thu, Aug 16, 2012 at 7:38 AM, Margaret Wasserman
> <margaretw42@gmail.com> wrote:
> 
> 
> 
> 
> 	Hi Dacheng,
> 
> 	The conclusion from the meeting was that we will document all
> three approaches in our document:
> 
> 	- PCP Specific
> 	- PANA Encapsulated in PCP
> 	- PANA Demultiplexed with PCP on the same port
> 
> 	Then, we will have an interim PCP conference call to discuss the
> trade-offs and hopefully decide between them.
> 
> 
> 	Margaret
> 
> 
> 
> 	On Aug 15, 2012, at 10:47 PM, Zhangdacheng (Dacheng) wrote:
> 
> 
> 
> 		Have we got any conclusions on two approaches?  Or we can
> just support the two options in the draft for the moment and briefly
> compare their pros and cons, can we?
> 
> 		Cheers
> 
> 		Dcheng
> 
> 		From: pcp-bounces@ietf.org [mailto:pcp-bounces@ietf.org] On
> Behalf Of Margaret Wasserman
> 		Sent: Friday, August 10, 2012 3:21 AM
> 		To: Dan Wing
> 		Cc: pcp@ietf.org
> 		Subject: Re: [pcp] Comparison of PCP authentication
> 
> 
> 		On Aug 9, 2012, at 2:32 PM, Dan Wing wrote:
> 
> 
> 
> 				If I'm updating security policy on a firewall I want to be able to
> 				audit whether that actually happened.  That requires authentication.
> 
> 
> 			You are saying a PCP client would only want to update firewall policies
> 			if the PCP server supports authentication, otherwise it would tell the
> 			user that it cannot enable the webcam, Internet-connected NAS,
> 			Internet-connected printer, etc.?
> 
> 
> 		I won't presume to guess what Sam is thinking...
> 
> 		However, I am thinking that there will be some clients
> that are configured to perform authentication for every request.  For
> example, there is no reason for a PCP proxy, running in an environment
> where authentication is required to do a THIRD-PARTY request, to
> perform a useless round-trip for every THIRD-PARTY request it issues.
> 
> 		Margaret
> 
> 
> 
> 
> 
> 	_______________________________________________
> 	pcp mailing list
> 	pcp@ietf.org
> 	https://www.ietf.org/mailman/listinfo/pcp
> 
> 
> 
>