Re: [pcp] EAP-over-PCP
Alper Yegin <alper.yegin@yegin.org> Wed, 19 September 2012 07:40 UTC
Return-Path: <alper.yegin@yegin.org>
X-Original-To: pcp@ietfa.amsl.com
Delivered-To: pcp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1196D21F86AB for <pcp@ietfa.amsl.com>; Wed, 19 Sep 2012 00:40:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.445
X-Spam-Level:
X-Spam-Status: No, score=-102.445 tagged_above=-999 required=5 tests=[AWL=0.154, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cXWZtXOy6U2P for <pcp@ietfa.amsl.com>; Wed, 19 Sep 2012 00:40:00 -0700 (PDT)
Received: from mout.perfora.net (mout.perfora.net [74.208.4.194]) by ietfa.amsl.com (Postfix) with ESMTP id 75A8921F86AA for <pcp@ietf.org>; Wed, 19 Sep 2012 00:40:00 -0700 (PDT)
Received: from [192.168.2.5] (88.247.135.202.static.ttnet.com.tr [88.247.135.202]) by mrelay.perfora.net (node=mrus3) with ESMTP (Nemesis) id 0LoErp-1Tggx034NF-00gf0C; Wed, 19 Sep 2012 03:39:58 -0400
Mime-Version: 1.0 (Apple Message framework v1278)
Content-Type: text/plain; charset="us-ascii"
From: Alper Yegin <alper.yegin@yegin.org>
In-Reply-To: <tslvcfbscqm.fsf_-_@mit.edu>
Date: Wed, 19 Sep 2012 10:39:40 +0300
Content-Transfer-Encoding: quoted-printable
Message-Id: <20FE79EA-9E75-49E7-9854-4AA24314FC7B@yegin.org>
References: <14C7F4F06DB5814AB0DE29716C4F6D6702E12ABC28@FRMRSSXCHMBSB1.dc-m.alcatel-lucent.com> <CB96F2AF-7545-457D-96EB-F78B7666C00C@yegin.org> <tsl1ui0wvmo.fsf_-_@mit.edu> <E91C9554-FBCF-4324-A1BF-5C4D75F5264A@yegin.org> <9A2322BB-699A-4A71-89D5-9E3E48979272@yegin.org> <tslvcfbscqm.fsf_-_@mit.edu>
To: Sam Hartman <hartmans@painless-security.com>
X-Mailer: Apple Mail (2.1278)
X-Provags-ID: V02:K0:P4tFH0J6OZ61dUd+lozqLnAgeyy4Uxt4k2yqihnOEF1 Ql4mTQWxxewlRHLnmbhi3gPbXQOjpxnejrr5ROYIeH9x+kdblC Y41Sgz+q/TC1UtLJlrD11JIPLcHMpluOahqY0EffOmZlpdR7vz vG/2MhLJo+4fJz5TCNFfPxDhzX/8VQ25PhUuVM9h7j1ePgjv9b 2/HsIR/Ukp8M84IP2k1lTBOFi3LMVONb4D5tZNFnoYrXUP6+b/ eEiDHe33+QicHFQXQ5Zo94oG9KjFof/uxkRN0atSatzcunKhWn wluUM9K9vACWb1jyOY6fwxYAvTRlie27/NxVgyFRynP+CX16LT EVlDiqXiDsk7/sZsyg2zEVU9zOElyMcwCuUc95JGz6UWeds1LH YybKhg7Sa+3MQ==
Cc: "'pcp@ietf.org'" <pcp@ietf.org>
Subject: Re: [pcp] EAP-over-PCP
X-BeenThere: pcp@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: PCP wg discussion list <pcp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pcp>, <mailto:pcp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/pcp>
List-Post: <mailto:pcp@ietf.org>
List-Help: <mailto:pcp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pcp>, <mailto:pcp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 19 Sep 2012 07:40:01 -0000
Hi Sam, > > > Hi, Alper. > Thanks for your review. > We're glad that we were able in your eyes to successfully re-use a lot > of the work that went into PANA design. > We really appreciated being able to look at previous lower-layer work > including PANA and draft-ietf-abfab-gss-eap to make our job easier. > > > If the WG believes terminology realignment would be beneficial here, > then we can work towards that goal. > > I'd appreciate comments from PCP implementors on the state machine > integration issue that Alper brings up. > > Depending on what's easy for PCP implementations we have a number of > options. > > In RFC 3748 the conversation is conceptually server driven. > However, there is typically a client (lower layer) indication to get > things started. > > However, the only reason that the conversation is server-driven iss > retransmissions. If you take a look at section 2 of RFC 3748 you note > that the protocol is lockstep. The server cannot send a new request > until the client has responded to the previous one. If you take a look > at section 4.3, a lower layer may sent the retransmission timeout to > infinite. In this mode, the server will never generate an unsolicited > request. > So, it's entirely possible to view things as a client-server protocol > with client-driven retransmissions if that makes things easier for PCP > implementations. > I don't understand how this works. EAP authenticator performs rexmits. So, if it does not get a response, it'll keep rexmitting. So, how can you achieve "server will never generate an unsolicited request"? And, furthermore, there'd be EAP re-authentication which can be initiated by the client or server. This is another reason for having to support server-side requests. Alper > That's the approach we took in draft-ietf-abfab-gss-eap. That spec is an > approved EAP lower layer in the RFC editor queue. That spec treats EAP > as a simple lock-step client-server protocol. We lose a half round trip > because we ask the server to get started and it then asks us for our > identity. We came up with mechanisms for including our identity in the > first request, trimming a half round trip. The decision of that working > group was that the complexity was not worth it, but that optimization is > available if it helps with PCP. > > so, feedback from people with PCP state machines would be really helpful > about which of these issues matter to you.
- Re: [pcp] PANA implementatinos to consider Yoshihiro Ohba
- Re: [pcp] PANA implementatinos to consider Reinaldo Penno (repenno)
- Re: [pcp] Side-by-side or nested protocols (was R… Yoshihiro Ohba
- Re: [pcp] PANA implementatinos to consider Dan Wing
- Re: [pcp] PANA implementatinos to consider Hannes Tschofenig
- Re: [pcp] PANA implementatinos to consider Sam Hartman
- Re: [pcp] PANA implementatinos to consider Hannes Tschofenig
- Re: [pcp] PANA implementatinos to consider Hannes Tschofenig
- Re: [pcp] PANA implementatinos to consider Alper Yegin
- Re: [pcp] PANA implementatinos to consider Margaret Wasserman
- Re: [pcp] PANA implementatinos to consider Margaret Wasserman
- Re: [pcp] PANA implementatinos to consider Margaret Wasserman
- Re: [pcp] PANA implementatinos to consider Yoshihiro Ohba
- Re: [pcp] PANA implementatinos to consider Alper Yegin
- Re: [pcp] PANA implementatinos to consider Margaret Wasserman
- Re: [pcp] PANA implementatinos to consider Henderickx, Wim (Wim)
- Re: [pcp] PANA implementatinos to consider Yoshihiro Ohba
- Re: [pcp] PANA implementatinos to consider Margaret Wasserman
- Re: [pcp] PANA implementatinos to consider Margaret Wasserman
- [pcp] Authentication scenarios (was Re: PANA impl… Alper Yegin
- [pcp] Side-by-side or nested protocols (was Re: P… Alper Yegin
- Re: [pcp] Side-by-side or nested protocols (was R… Henderickx, Wim (Wim)
- Re: [pcp] Authentication scenarios (was Re: PANA … Margaret Wasserman
- Re: [pcp] Side-by-side or nested protocols (was R… Alper Yegin
- Re: [pcp] [ Side-by-side or nested protocols Sam Hartman
- Re: [pcp] Authentication scenarios (was Re: PANA … Alper Yegin
- Re: [pcp] Side-by-side or nested protocols (was R… Reinaldo Penno (repenno)
- Re: [pcp] [ Side-by-side or nested protocols Alper Yegin
- Re: [pcp] Side-by-side or nested protocols (was R… Alper Yegin
- [pcp] EAP-over-PCP Alper Yegin
- Re: [pcp] EAP-over-PCP Zhangdacheng (Dacheng)
- Re: [pcp] [ Side-by-side or nested protocols Margaret Wasserman
- Re: [pcp] Side-by-side or nested protocols (was R… Margaret Wasserman
- Re: [pcp] Side-by-side or nested protocols Sam Hartman
- Re: [pcp] EAP-over-PCP Margaret Wasserman
- [pcp] EAP-over-PCP Sam Hartman
- Re: [pcp] Side-by-side or nested protocols (was R… Yoshihiro Ohba
- Re: [pcp] EAP-over-PCP Alper Yegin
- Re: [pcp] EAP-over-PCP Alper Yegin
- Re: [pcp] Side-by-side or nested protocols (was R… Alper Yegin
- Re: [pcp] EAP-over-PCP Margaret Wasserman
- Re: [pcp] Side-by-side or nested protocols (was R… Reinaldo Penno (repenno)
- Re: [pcp] EAP-over-PCP Sam Hartman
- Re: [pcp] Side-by-side or nested protocols (was R… Yoshihiro Ohba
- Re: [pcp] Side-by-side or nested protocols (was R… Alper Yegin
- Re: [pcp] EAP-over-PCP Alper Yegin
- Re: [pcp] EAP-over-PCP Alper Yegin
- Re: [pcp] EAP-over-PCP Margaret Wasserman
- Re: [pcp] EAP-over-PCP Margaret Wasserman
- Re: [pcp] EAP-over-PCP Alper Yegin
- [pcp] EAP retransmits and re-authentication Sam Hartman
- [pcp] gss-eap Alper Yegin
- Re: [pcp] EAP retransmits and re-authentication Yoshihiro Ohba
- Re: [pcp] EAP retransmits and re-authentication Sam Hartman
- Re: [pcp] EAP retransmits and re-authentication Yoshihiro Ohba
- Re: [pcp] EAP retransmits and re-authentication Sam Hartman
- Re: [pcp] EAP retransmits and re-authentication Margaret Wasserman
- Re: [pcp] EAP retransmits and re-authentication Yoshihiro Ohba
- Re: [pcp] EAP retransmits and re-authentication Sam Hartman
- Re: [pcp] EAP retransmits and re-authentication Yoshihiro Ohba
- Re: [pcp] EAP retransmits and re-authentication Alper Yegin
- Re: [pcp] gss-eap & client-side rexmit only Alper Yegin
- Re: [pcp] gss-eap & client-side rexmit only Margaret Wasserman
- Re: [pcp] gss-eap & client-side rexmit only Sam Hartman
- Re: [pcp] gss-eap & client-side rexmit only Yoshihiro Ohba
- Re: [pcp] gss-eap & client-side rexmit only Alper Yegin