Re: [pcp] About selecting a key management for PCP

Alper Yegin <alper.yegin@yegin.org> Thu, 02 August 2012 21:09 UTC

From: Alper Yegin <alper.yegin@yegin.org>
In-Reply-To: <C72CBD9FE3CA604887B1B3F1D145D05E2CE63FF9@szxeml528-mbx.china.huawei.com>
Date: Fri, 03 Aug 2012 00:09:19 +0300
Content-Transfer-Encoding: quoted-printable
Message-Id: <1F8B57B5-BE4D-44C5-BA3A-E0EC3BA7FFCD@yegin.org>
References: <C72CBD9FE3CA604887B1B3F1D145D05E2CE62CD3@szxeml528-mbx.china.huawei.com>, <0096E801-3D17-4751-981A-67A46B96F739@yegin.org> <C72CBD9FE3CA604887B1B3F1D145D05E2CE63FF9@szxeml528-mbx.china.huawei.com>
To: "Zhangdacheng (Dacheng)" <zhangdacheng@huawei.com>
X-Mailer: Apple Mail (2.1278)
Cc: Margaret Wasserman <mrw@painless-security.com>, "pcp@ietf.org" <pcp@ietf.org>
Subject: Re: [pcp] About selecting a key management for PCP

>> an in-band authentication mechanism for PCP (actually a simplified PANA).
> 
> 
>> It's not simplified…. It's basically growing PANA (an EAPoUDP transport) within PCP. A redundant work that'd result in more complexity than keeping two simple protocols separate. This "oh I'll just carry EAP over my favorite protocol (e.g., DHCP!), and it'd be sooo simple" was tried before and failed miserably.  PCP and its key management are two separate issues that deserve two separate protocols (similar to IKE and IPsec being separate). I don't see any value in cobbling them up, which is more like a PPP-style approach -- all-in-one.
> 
> 
> 
> Maybe my bad English causes confusion. Sorry for that. The "simplified" here means we can remove the redundant functions of PANA and only keep the necessary part. That is exactly what we are trying to do in the pcp authentication draft.
> 

We can certainly profile PANA to not use those unnecessary parts (IP-reconfig bit… just a bit, don't use it).


> In addition, you remind me of one thing. The Karp WG is trying to use IKEv2 to provide key management for unicast routing protocols. If our WG decides to select a separate AKM
> solution, do you think it is a good idea to borrow their work to secure PCP?
> 

Sure, it's a candidate. (Though, IMHO, IKEv2 is so IPsec-specific, using it for keying other protocols is a stretch).

Alper



> Cheers
> 
> Dacheng
> 
> Alper
>