[pcp] issue#61: Unsolicited reauthentication

Alper Yegin <alper.yegin@yegin.org> Mon, 05 November 2012 11:21 UTC


Would it be desirable to support unsolicited re-authentication?

– May depend on answer to issue #60 – is there a need to renew authentication information when no requests are being issued?

Alper> As we discovered over the mailing list, there are cases where the PCP server sends unsolicited messages to the PCP client (e.g., when the mapping lifetime is updated). Such messages too need to be secured. So, tossing the PCP SA as soon as the first PCP request/response is completed after the EAP authentication does not work. PCP SA is needed later too. 

Alper> Besides, I don't understand why you'd want to toss the PCP SA away. Keep it around because you are likely to need it even at least for the subsequent requests from the PCP client. 

Alper> And, finally, RADIUS and Diameter support EAP re-authentication initiated by the AAA server. Unless we explicitly forbid that, they are there to be supported by any EAP lower-layer. 


Or is it preferable to wait until a new mapping request is issued, and start a new authentication process then, if needed?