Re: [Seamoby] issue-#48: Use of trusted-anchor sub-option between Access Routers

Marco Liebsch <marco.liebsch@ccrle.nec.de> Tue, 11 May 2004 17:30 UTC

Received: from optimus.ietf.org (iesg.org [132.151.1.19]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA10510 for <seamoby-archive@odin.ietf.org>; Tue, 11 May 2004 13:30:52 -0400 (EDT)
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1BNaw6-0001Ji-Oc for seamoby-archive@odin.ietf.org; Tue, 11 May 2004 13:21:02 -0400
Received: (from exim@localhost) by www1.ietf.org (8.12.8/8.12.8/Submit) id i4BHKwrv005060 for seamoby-archive@odin.ietf.org; Tue, 11 May 2004 13:20:58 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1BNago-0006V0-H6 for seamoby-web-archive@optimus.ietf.org; Tue, 11 May 2004 13:05:10 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA08843 for <seamoby-web-archive@ietf.org>; Tue, 11 May 2004 13:05:06 -0400 (EDT)
Received: from ietf-mx.ietf.org ([132.151.6.1] helo=ietf-mx) by ietf-mx with esmtp (Exim 4.32) id 1BNagm-0001Jb-Nr for seamoby-web-archive@ietf.org; Tue, 11 May 2004 13:05:08 -0400
Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1BNafv-0000tY-00 for seamoby-web-archive@ietf.org; Tue, 11 May 2004 13:04:16 -0400
Received: from optimus.ietf.org ([132.151.1.19]) by ietf-mx with esmtp (Exim 4.12) id 1BNaey-0000TL-00 for seamoby-web-archive@ietf.org; Tue, 11 May 2004 13:03:16 -0400
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1BNaWz-0003zJ-P2; Tue, 11 May 2004 12:55:01 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1BNaDj-00088u-Ll for seamoby@optimus.ietf.org; Tue, 11 May 2004 12:35:07 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA07013 for <seamoby@ietf.org>; Tue, 11 May 2004 12:35:03 -0400 (EDT)
Received: from ietf-mx.ietf.org ([132.151.6.1] helo=ietf-mx) by ietf-mx with esmtp (Exim 4.32) id 1BNaDi-0003kG-1u for seamoby@ietf.org; Tue, 11 May 2004 12:35:06 -0400
Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1BNaCl-0003Km-00 for seamoby@ietf.org; Tue, 11 May 2004 12:34:07 -0400
Received: from tokyo.netlab.nec.de ([195.37.70.2] helo=tokyo.ccrle.nec.de) by ietf-mx with esmtp (Exim 4.12) id 1BNaBx-0002Vc-00 for seamoby@ietf.org; Tue, 11 May 2004 12:33:17 -0400
Received: from tokyo.ccrle.nec.de (localhost [127.0.0.1]) by tokyo.ccrle.nec.de (8.12.10/8.12.9) with ESMTP id i4BGWfDW049136 for <seamoby@ietf.org>; Tue, 11 May 2004 18:32:41 +0200 (CEST)
Received: (from defang@localhost) by tokyo.ccrle.nec.de (8.12.10/8.12.8/Submit) id i4BGWahk049132 for <seamoby@ietf.org>; Tue, 11 May 2004 18:32:36 +0200 (CEST)
X-Authentication-Warning: tokyo.ccrle.nec.de: defang set sender to <marco.liebsch@ccrle.nec.de> using -f
Received: from venus.office (venus.office [10.1.1.11]) by pluto.office (8.12.9/8.12.9+MIMEDefang) with ESMTP id i4BGWZDW049130; Tue, 11 May 2004 18:32:36 +0200 (CEST)
Received: from ccrle.nec.de (pluto.office [10.1.1.84]) by venus.office (Postfix on SuSE Linux eMail Server 3.0) with ESMTP id 587AFA11D7; Tue, 11 May 2004 17:32:35 +0200 (CEST)
Message-ID: <40A10023.8030507@ccrle.nec.de>
Date: Tue, 11 May 2004 18:32:35 +0200
From: Marco Liebsch <marco.liebsch@ccrle.nec.de>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6) Gecko/20040113
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: James Kempf <kempf@docomolabs-usa.com>
Cc: seamoby@ietf.org
Subject: Re: [Seamoby] issue-#48: Use of trusted-anchor sub-option between Access Routers
References: <01db01c432ef$630b8b50$366115ac@dcml.docomolabsusa.com>
In-Reply-To: <01db01c432ef$630b8b50$366115ac@dcml.docomolabsusa.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
X-Scanned-By: MIMEDefang 2.35
Content-Transfer-Encoding: 7bit
Sender: seamoby-admin@ietf.org
Errors-To: seamoby-admin@ietf.org
X-BeenThere: seamoby@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/seamoby>, <mailto:seamoby-request@ietf.org?subject=unsubscribe>
List-Id: Context Transfer, Handoff Candidate Discovery, and Dormant Mode Host Alerting <seamoby.ietf.org>
List-Post: <mailto:seamoby@ietf.org>
List-Help: <mailto:seamoby-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/seamoby>, <mailto:seamoby-request@ietf.org?subject=subscribe>
X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on ietf-mx.ietf.org
X-Spam-Status: No, hits=0.0 required=5.0 tests=none autolearn=no version=2.60
Content-Transfer-Encoding: 7bit
Content-Transfer-Encoding: 7bit

Another point: Is the Trusted Anchor always to be sent from a mobile to 
it current AR in case of
certificates are requested? If the current AR and a CAR share the same 
CA, the chain from the mobile's
trusted CA to the ARs' CA should have been validated already in a 
previous request.
Hence, subsequent cert requests do not necessarily require a Trusted 
Anchor to be sent
with the MN-AR CARD Request, right?
Here, the flag could serve for the same purpose in the MN-AR CARD Request.

Furthermore, do we have to distinguish between a requested certificate 
of a CAR or
a requested cert of a mobile's current AR? Well, I think the current 
mechanism
uses the L2-ID for that. If the L2-ID belongs to an Access Point 
associated with the
current AR, the cert of the current AR will be sent back, otherwise the 
cert of the CAR will
be sent in the reply. Shouldn't we de-couple a cert request from the L2-ID
sub-option?

What do you think?

marco

James Kempf wrote:

>The issue is that draft 07 requires use of the Trusted Anchor sub-option
>between access routers for an AR to request its CAR to send certificates.
>Typically an AR would be interested in obtaining certificate chains for all
>trusted anchors possessed by the CAR, and since there is no logical
>bandwidth limitation on the inter-router interface, there is no reason to
>limit the number of certificates transmitted.
>
>The suggested resolution is to include a flag in the CARD Request header for
>the AR to indicate that it wants all the certificate chains.
>
>            jak
>
>
>
>_______________________________________________
>Seamoby mailing list
>Seamoby@ietf.org
>https://www1.ietf.org/mailman/listinfo/seamoby
>  
>



_______________________________________________
Seamoby mailing list
Seamoby@ietf.org
https://www1.ietf.org/mailman/listinfo/seamoby