Re: [pcp] Comparison of PCP authentication

Margaret Wasserman <mrw@lilacglade.org> Mon, 06 August 2012 23:07 UTC

From: Margaret Wasserman <mrw@lilacglade.org>
In-Reply-To: <075301cd7419$19557dd0$4c007970$@com>
Date: Mon, 06 Aug 2012 19:07:54 -0400
Message-Id: <A8A3C2BF-6966-4043-ABF1-363EDA3BB7F8@lilacglade.org>
References: <9B57C850BB53634CACEC56EF4853FF653B6EC381@TK5EX14MBXW604.wingroup.windeploy.ntdev.microsoft.com> <7FE144CF-00E3-4451-8CBE-A6A684DB7CC4@yegin.org> <067d01cd73fd$765a6c50$630f44f0$@com> <D6D2DEED-C35A-45AB-8B72-96195C308DB9@yegin.org> <57FF0F8E-1B86-410F-8B6B-C4893A28222F@lilacglade.org> <075301cd7419$19557dd0$4c007970$@com>
To: Dan Wing <dwing@cisco.com>
Cc: pcp@ietf.org
Subject: Re: [pcp] Comparison of PCP authentication
List-Id: PCP wg discussion list <pcp.ietf.org>

On Aug 6, 2012, at 5:19 PM, Dan Wing wrote:
> 
> Also, if an update to PANA allows 0b00000010 in that first octet, we will
> have a problem.  It would be safer if we assign the last two bits in that
> first octet of PANA to must-be-zero.  Perhaps via an Errata against the PANA
> spec, if we decide this is the best solution.

Good point, Dan.  We will mention this in the updated draft (the one with the three choices), just so we don't lose track of it.

>>   But, the encapsulation
>> approach would allow us to gain some optimization by piggy-backing the
>> first (and possibly the final?) messages of the PANA exchange in the
>> original PCP request (and response?) to cut down on the number of
>> messages needed to create a secure mapping. 
> 
> How many messages are we talking about (5?), and how much reduction 
> could we see (reduction from 5 to 3??).

I think we are talking about ~7 messages, cut down to 5 or 6...  I realize that is a fairly small optimization, as a percentage, but security folks do go to fairly significant ends to cut out round trips, when possible, to make people less averse to adopting security solutions.  I don't know how many of those steps are lock-step... This is something I will try to look into and provide more information about for the interim meeting.  I'm hoping we'll have more time to go over the trade-offs in detail on a call than we did in the meeting (when we only had ~25 minutes).

Margaret