IETF Logo Mail Archive

Re: [pcp] Posted auth req slide that was edited during meeting

<yoshihiro.ohba@toshiba.co.jp> Mon, 18 March 2013 14:12 UTC

Return-Path: <yoshihiro.ohba@toshiba.co.jp>
X-Original-To: pcp@ietfa.amsl.com
Delivered-To: pcp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EDF8821F8F03 for <pcp@ietfa.amsl.com>; Mon, 18 Mar 2013 07:12:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.089
X-Spam-Level:
X-Spam-Status: No, score=-5.089 tagged_above=-999 required=5 tests=[AWL=-1.000, BAYES_00=-2.599, HELO_EQ_JP=1.244, HOST_EQ_JP=1.265, RCVD_IN_DNSWL_MED=-4, UNPARSEABLE_RELAY=0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LlnoKEoGaunQ for <pcp@ietfa.amsl.com>; Mon, 18 Mar 2013 07:12:11 -0700 (PDT)
Received: from imx2.toshiba.co.jp (inet-tsb5.toshiba.co.jp [202.33.96.24]) by ietfa.amsl.com (Postfix) with ESMTP id 416BC21F8EF6 for <pcp@ietf.org>; Mon, 18 Mar 2013 07:12:10 -0700 (PDT)
Received: from tsbmgw-mgw02.tsbmgw-mgw02.toshiba.co.jp ([133.199.200.50]) by imx2.toshiba.co.jp with ESMTP id r2IEC81q020739 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 18 Mar 2013 23:12:08 +0900 (JST)
Received: from tsbmgw-mgw02 (localhost [127.0.0.1]) by tsbmgw-mgw02.tsbmgw-mgw02.toshiba.co.jp (8.13.8/8.14.5) with ESMTP id r2IEC8Oa017321; Mon, 18 Mar 2013 23:12:08 +0900
Received: from localhost ([127.0.0.1]) by tsbmgw-mgw02 (JAMES SMTP Server 2.3.1) with SMTP ID 731; Mon, 18 Mar 2013 23:12:08 +0900 (JST)
Received: from arc1.toshiba.co.jp ([133.199.194.235]) by tsbmgw-mgw02.tsbmgw-mgw02.toshiba.co.jp (8.13.8/8.14.5) with ESMTP id r2IEC89l017312; Mon, 18 Mar 2013 23:12:08 +0900
Received: (from root@localhost) by arc1.toshiba.co.jp id r2IEC8GR003892; Mon, 18 Mar 2013 23:12:08 +0900 (JST)
Received: from unknown [133.199.192.144] by arc1.toshiba.co.jp with ESMTP id ZAA03889; Mon, 18 Mar 2013 23:12:08 +0900
Received: from mx.toshiba.co.jp (localhost [127.0.0.1]) by ovp2.toshiba.co.jp with ESMTP id r2IEC8ct013748; Mon, 18 Mar 2013 23:12:08 +0900 (JST)
Received: from tgxml329.toshiba.local by toshiba.co.jp id r2IEC8LG019763; Mon, 18 Mar 2013 23:12:08 +0900 (JST)
Received: from TGXML337.toshiba.local ([169.254.3.203]) by tgxml329.toshiba.local ([133.199.60.16]) with mapi id 14.02.0328.009; Mon, 18 Mar 2013 23:12:07 +0900
From: yoshihiro.ohba@toshiba.co.jp
To: hartmans@painless-security.com
Thread-Topic: [pcp] Posted auth req slide that was edited during meeting
Thread-Index: AQHOI+DTZVo7fOcKTKW7xX5uXeSScpirfAWw
Date: Mon, 18 Mar 2013 14:12:07 +0000
Message-ID: <674F70E5F2BE564CB06B6901FD3DD78B12CDB148@tgxml337.toshiba.local>
References: <341064315C6D0D498193B256F238CF9747C9C9@TK5EX14MBXW603.wingroup.windeploy.ntdev.microsoft.com> <5EF8B214-6563-47C7-9D48-621D9D5E1B29@yegin.org> <tslip4r42r3.fsf@mit.edu> <674F70E5F2BE564CB06B6901FD3DD78B12CD0A01@tgxml337.toshiba.local> <tslk3p4zyze.fsf@mit.edu> <674F70E5F2BE564CB06B6901FD3DD78B12CDB0CB@tgxml337.toshiba.local> <tsl620ox0zb.fsf@mit.edu>
In-Reply-To: <tsl620ox0zb.fsf@mit.edu>
Accept-Language: ja-JP, en-US
Content-Language: ja-JP
x-originating-ip: [133.199.16.60]
msscp.transfermailtomossagent: 103
Content-Type: text/plain; charset="iso-2022-jp"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: pcp@ietf.org
Subject: Re: [pcp] Posted auth req slide that was edited during meeting
X-BeenThere: pcp@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: PCP wg discussion list <pcp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pcp>, <mailto:pcp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/pcp>
List-Post: <mailto:pcp@ietf.org>
List-Help: <mailto:pcp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pcp>, <mailto:pcp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 18 Mar 2013 14:12:12 -0000

Sam,

-----Original Message-----
From: Sam Hartman [mailto:hartmans@painless-security.com] 
Sent: Monday, March 18, 2013 11:00 PM
To: ohba yoshihiro
Cc: alper.yegin@yegin.org; pcp@ietf.org
Subject: Re: [pcp] Posted auth req slide that was edited during meeting

>>>>>   <yoshihiro.ohba@toshiba.co.jp> writes:


    > In any case, we should follow the definition of EAP
    > re-authentication in RFC 5247 about re-authentication timing.  I
    > see absolutely no reason to change the definition.

OK. So you're saying that the goal of the security association expiration is to make sure that a client cannot change the PCP state in a manner that requires authentication outside a time window defined by the AAA infrastructure/PCP server?

[YO] Yes.

So, the sorts of attacks we'd want to prevent are people changing state after credentials have changed or authorizations have changed?

[YO] Yes, unless the credentials or authorizations are changed via a valid re-authentication, that is the whole purpose of re-authentication.

Yoshihiro Ohba

--Sam

v2.23.0 | Report a Bug | By Email