IETF Logo Mail Archive

[pcp] Stephen Farrell's No Objection on draft-ietf-pcp-authentication-13: (with COMMENT)

"Stephen Farrell" <stephen.farrell@cs.tcd.ie> Thu, 09 July 2015 16:22 UTC

Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: pcp@ietfa.amsl.com
Delivered-To: pcp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 75AF71B2AD7; Thu, 9 Jul 2015 09:22:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id i7_fG2ob0KIy; Thu, 9 Jul 2015 09:22:21 -0700 (PDT)
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 549541B2AB9; Thu, 9 Jul 2015 09:22:17 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
To: The IESG <iesg@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 6.0.4.p3
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <20150709162217.19448.27985.idtracker@ietfa.amsl.com>
Date: Thu, 09 Jul 2015 09:22:17 -0700
Archived-At: <http://mailarchive.ietf.org/arch/msg/pcp/sZtT1GmSULVGeTKba3Eoa8cC1I0>
Cc: pcp@ietf.org
Subject: [pcp] Stephen Farrell's No Objection on draft-ietf-pcp-authentication-13: (with COMMENT)
X-BeenThere: pcp@ietf.org
X-Mailman-Version: 2.1.15
List-Id: PCP wg discussion list <pcp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pcp>, <mailto:pcp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/pcp/>
List-Post: <mailto:pcp@ietf.org>
List-Help: <mailto:pcp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pcp>, <mailto:pcp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 09 Jul 2015 16:22:28 -0000

Stephen Farrell has entered the following ballot position for
draft-ietf-pcp-authentication-13: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-pcp-authentication/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------



Thanks for getting this done.


- How would this work in a home network where the f/w is not
managed by the ISP and there'd otherwise be no EAP
infrastructure? That could be out-of-scope or require some
new/odd EAP implementation and no change to this protocol, and
that is probably fine, but I do wonder. 

- 3.3: Is this really needed? I wonder if we could do without
it. The protocol would be simpler if this wasn't needed and
simpler == more-secure in general.

- 5.11: would s/issued the credentials/issued the EAP
credentials that will be used to authenticate the client/ be
better? As-is, it's a tiny bit confusing maybe.

- 6.2: Maybe this is being overly paranoid, but would it be
worth saying that in all failure cases when you say discard the
message, you mean to not process it's content?  With a very
perverse reading of the current text, I might be able to argue
that I could process the message content first and only then
check the authentication afterwards. Yes, that'd be fairly
spectacularly dim, but that kind of thing does sometimes
happen. (If there's a better place in the draft to put some
text on that, that's just fine.)

v2.23.0 | Report a Bug | By Email