Re: [pcp] Comparison of PCP authentication
Margaret Wasserman <mrw@lilacglade.org> Mon, 06 August 2012 23:07 UTC
To: Dan Wing <dwing@cisco.com>
Cc: pcp@ietf.org

On Aug 6, 2012, at 5:19 PM, Dan Wing wrote:
>
> Also, if an update to PANA allows 0b00000010 in that first octet, we will
> have a problem. It would be safer if we assign the last two bits in that
> first octet of PANA to must-be-zero. Perhaps via an Errata against the PANA
> spec, if we decide this is the best solution.

Good point Dan. We will mention this in the updated draft (the one with the three choices), just so we don't lose track of it.

>> But, the encapsulation
>> approach would allow us to gain some optimization by piggy-backing the
>> first (and possibly the final?) messages of the PANA exchange in the
>> original PCP request (and response?) to cut down on the number of
>> messages needed to create a secure mapping.
>
> How many messages are we talking about (5?), and how much reduction
> could we see (reduction from 5 to 3??).

I think we are talking about ~7 messages, cut down to 5 or 6... I realize that is a fairly small optimization, as a percentage, but security folks do go to fairly significant ends to cut out round trips, when possible, to make people less averse to adopting security solutions.

I don't know how many of those steps are lock-step... This is something I will try to look into and provide more information about for the interim meeting. I'm hoping we'll have more time to go over the trade-offs in detail on a call than we did in the meeting (when we only had ~25 minutes).

Margaret