Re: [pcp] channel binding

Alper Yegin <alper.yegin@yegin.org> Fri, 17 August 2012 15:51 UTC

From: Alper Yegin <alper.yegin@yegin.org>
Date: Fri, 17 Aug 2012 18:50:35 +0300
To: Sam Hartman <hartmans@painless-security.com>
Cc: pcp@ietf.org
Subject: Re: [pcp] channel binding

> 
>    Alper> (spinning off a new thread for easier tracking)
> 
>    Alper> What value are you thinking of using for i1 and i2? IP
>    Alper> address of the PCP server?  If so, you can do that in any of
>    Alper> those solutions.  Is there a problem?
> I'm not entirely sure what we need for i1 and i2.
> I think it definitely needs to include:
> 
> * an indication that it is PCP
> * IP address.
> 
> Possibly this is easy.
> Can you give a clear algorithm for determining what ip address to use in
> i2?
> 

For i2, we need new RADIUS attribute(s)/Diameter AVP(s) to carry an indication that this is for PCP authentication, and the IP address facing the PCP client/PANA Client.
These would constitute i2.
Note that the IP address used by the node implementing PAA and PCP server may be different than the IP address used by the same node with its AAA client. That's why I said "facing…"

Alper
 




> --Sam