Re: [pcp] Fwd: Comparison of PCP authentication

Subir Das <subirdas21@gmail.com> Wed, 29 August 2012 17:19 UTC

I also tried the audio and it was very poor. You have summarized it nicely
though. I am not resisting anything, I was merely stating my takeaway on
the Chair's statement.

-Subir

On Wed, Aug 29, 2012 at 11:59 AM, Dan Wing <dwing@cisco.com> wrote:

> I went to the audio, to try to understand this resistance to analyzing
> everything.
>
> The discussion of the three options started at about 77 minutes into the
> audio, which is at
> http://www.ietf.org/audio/ietf84/ietf84-regencya-20120802-1510-pm2.mp3.
> The audio quality is pretty poor.
>
> I heard:
>  1.  separate PCP-dedicated function:  4 hands
>  2.  PANA 'tunnel': ? hands (I could not hear)
>  3.  PCP/PANA demux: 5 hands
>  4.  don't care:  ? hands (I could not hear)
>
> then, after a little more hand-raising, PANA had twice the votes of a
> separate PCP-dedicated function.  Alain said the direction is PANA on a
> single port.  I then heard myself asking at the microphone that I answered
> "don't care" because I lack enough information to decide.  I couldn't hear
> Margaret's reply in the audio.
>
>
> In any event, I am struggling to understand the resistance to analyzing all
> three in detail.  Worried a non-PANA solution will win, or the analysis
> will take an additional 15 minutes, or what?
>
> -d
>
> > -----Original Message-----
> > From: pcp-bounces@ietf.org [mailto:pcp-bounces@ietf.org] On Behalf Of
> > Subir Das
> > Sent: Wednesday, August 29, 2012 6:27 AM
> > To: Margaret Wasserman
> > Cc: pcp@ietf.org
> > Subject: [pcp] Fwd: Comparison of PCP authentication
> >
> > Margaret,
> > I realized that I didn't copy my  mail to the mailing list.
> >
> > Thanks,
> > -Subir
> >
> >
> > ---------- Forwarded message ----------
> > From: Subir Das <subirdas21@gmail.com>
> > Date: Fri, Aug 17, 2012 at 8:29 AM
> > Subject: Re: [pcp] Comparison of PCP authentication
> > To: Margaret Wasserman <margaretw42@gmail.com>
> >
> >
> >
> > Hi Margaret,
> > My recollection regarding the conclusion was a little different:
> >
> > We will discuss  the following two PANA-based approaches and then
> > decide:
> >
> > - PANA Encapsulated in PCP
> > - PANA Demultiplexed with PCP on the same port
> >
> > The consensus in the room was that PANA-based approach is preferable
> > over PCP specific approach. I need to look at the meeting minutes and
> > recording though.
> >
> > regards,
> > _Subir
> >
> > On Thu, Aug 16, 2012 at 7:38 AM, Margaret Wasserman
> > <margaretw42@gmail.com> wrote:
> >
> >
> >
> >
> >       Hi Dacheng,
> >
> >       The conclusion from the meeting was that we will document all
> > three approaches in our document:
> >
> >       - PCP Specific
> >       - PANA Encapsulated in PCP
> >       - PANA Demultiplexed with PCP on the same port
> >
> >       Then, we will have an interim PCP conference call to discuss the
> > trade-offs and hopefully decide between them.
> >
> >
> >       Margaret
> >
> >
> >
> >       On Aug 15, 2012, at 10:47 PM, Zhangdacheng (Dacheng) wrote:
> >
> >
> >
> >               Have we got any conclusions on two approaches?  Or we can
> > just support the two options in the draft for the moment and briefly
> > compare their pros and cons, can we?
> >
> >               Cheers
> >
> >               Dcheng
> >
> >               From: pcp-bounces@ietf.org [mailto:pcp-bounces@ietf.org]
> >               On Behalf Of Margaret Wasserman
> >               Sent: Friday, August 10, 2012 3:21 AM
> >               To: Dan Wing
> >               Cc: pcp@ietf.org
> >               Subject: Re: [pcp] Comparison of PCP authentication
> >
> >
> >               On Aug 9, 2012, at 2:32 PM, Dan Wing wrote:
> >
> >
> >
> >                               If I'm updating security policy on a
> >                               firewall I want to be able to audit
> >                               whether that actually happened.  That
> >                               requires authentication.
> >
> >
> >                       You are saying a PCP client would only want to
> >                       update firewall policies if the PCP server
> >                       supports authentication, otherwise it would
> >                       tell the user that it cannot enable the webcam,
> >                       Internet-connected NAS, Internet-connected
> >                       printer, etc.?
> >
> >
> >               I won't presume to guess what Sam is thinking...
> >
> >               However, I am thinking that there will be some clients
> > that are configured to perform authentication for every request.  For
> > example, there is no reason for a PCP proxy, running in an environment
> > where authentication is required to do a THIRD-PARTY request, to
> > perform a useless round-trip for every THIRD-PARTY request it issues.
> >
> >               Margaret