Re: [Seamoby] issue-#48: Use of trusted-anchor sub-option between Access Routers
Marco Liebsch <marco.liebsch@ccrle.nec.de> Tue, 11 May 2004 17:30 UTC
Received: from optimus.ietf.org (iesg.org [132.151.1.19]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA10510 for <seamoby-archive@odin.ietf.org>; Tue, 11 May 2004 13:30:52 -0400 (EDT)
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1BNaw6-0001Ji-Oc for seamoby-archive@odin.ietf.org; Tue, 11 May 2004 13:21:02 -0400
Received: (from exim@localhost) by www1.ietf.org (8.12.8/8.12.8/Submit) id i4BHKwrv005060 for seamoby-archive@odin.ietf.org; Tue, 11 May 2004 13:20:58 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1BNago-0006V0-H6 for seamoby-web-archive@optimus.ietf.org; Tue, 11 May 2004 13:05:10 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA08843 for <seamoby-web-archive@ietf.org>; Tue, 11 May 2004 13:05:06 -0400 (EDT)
Received: from ietf-mx.ietf.org ([132.151.6.1] helo=ietf-mx) by ietf-mx with esmtp (Exim 4.32) id 1BNagm-0001Jb-Nr for seamoby-web-archive@ietf.org; Tue, 11 May 2004 13:05:08 -0400
Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1BNafv-0000tY-00 for seamoby-web-archive@ietf.org; Tue, 11 May 2004 13:04:16 -0400
Received: from optimus.ietf.org ([132.151.1.19]) by ietf-mx with esmtp (Exim 4.12) id 1BNaey-0000TL-00 for seamoby-web-archive@ietf.org; Tue, 11 May 2004 13:03:16 -0400
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1BNaWz-0003zJ-P2; Tue, 11 May 2004 12:55:01 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1BNaDj-00088u-Ll for seamoby@optimus.ietf.org; Tue, 11 May 2004 12:35:07 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA07013 for <seamoby@ietf.org>; Tue, 11 May 2004 12:35:03 -0400 (EDT)
Received: from ietf-mx.ietf.org ([132.151.6.1] helo=ietf-mx) by ietf-mx with esmtp (Exim 4.32) id 1BNaDi-0003kG-1u for seamoby@ietf.org; Tue, 11 May 2004 12:35:06 -0400
Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1BNaCl-0003Km-00 for seamoby@ietf.org; Tue, 11 May 2004 12:34:07 -0400
Received: from tokyo.netlab.nec.de ([195.37.70.2] helo=tokyo.ccrle.nec.de) by ietf-mx with esmtp (Exim 4.12) id 1BNaBx-0002Vc-00 for seamoby@ietf.org; Tue, 11 May 2004 12:33:17 -0400
Received: from tokyo.ccrle.nec.de (localhost [127.0.0.1]) by tokyo.ccrle.nec.de (8.12.10/8.12.9) with ESMTP id i4BGWfDW049136 for <seamoby@ietf.org>; Tue, 11 May 2004 18:32:41 +0200 (CEST)
Received: (from defang@localhost) by tokyo.ccrle.nec.de (8.12.10/8.12.8/Submit) id i4BGWahk049132 for <seamoby@ietf.org>; Tue, 11 May 2004 18:32:36 +0200 (CEST)
X-Authentication-Warning: tokyo.ccrle.nec.de: defang set sender to <marco.liebsch@ccrle.nec.de> using -f
Received: from venus.office (venus.office [10.1.1.11]) by pluto.office (8.12.9/8.12.9+MIMEDefang) with ESMTP id i4BGWZDW049130; Tue, 11 May 2004 18:32:36 +0200 (CEST)
Received: from ccrle.nec.de (pluto.office [10.1.1.84]) by venus.office (Postfix on SuSE Linux eMail Server 3.0) with ESMTP id 587AFA11D7; Tue, 11 May 2004 17:32:35 +0200 (CEST)
Message-ID: <40A10023.8030507@ccrle.nec.de>
Date: Tue, 11 May 2004 18:32:35 +0200
From: Marco Liebsch <marco.liebsch@ccrle.nec.de>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6) Gecko/20040113
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: James Kempf <kempf@docomolabs-usa.com>
Cc: seamoby@ietf.org
Subject: Re: [Seamoby] issue-#48: Use of trusted-anchor sub-option between Access Routers
References: <01db01c432ef$630b8b50$366115ac@dcml.docomolabsusa.com>
In-Reply-To: <01db01c432ef$630b8b50$366115ac@dcml.docomolabsusa.com>
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Scanned-By: MIMEDefang 2.35
Content-Transfer-Encoding: 7bit
Sender: seamoby-admin@ietf.org
Errors-To: seamoby-admin@ietf.org
X-BeenThere: seamoby@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/seamoby>, <mailto:seamoby-request@ietf.org?subject=unsubscribe>
List-Id: Context Transfer, Handoff Candidate Discovery, and Dormant Mode Host Alerting <seamoby.ietf.org>
List-Post: <mailto:seamoby@ietf.org>
List-Help: <mailto:seamoby-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/seamoby>, <mailto:seamoby-request@ietf.org?subject=subscribe>
X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on ietf-mx.ietf.org
X-Spam-Status: No, hits=0.0 required=5.0 tests=none autolearn=no version=2.60
Content-Transfer-Encoding: 7bit
Content-Transfer-Encoding: 7bit
Another point: Is the Trusted Anchor always to be sent from a mobile to it current AR in case of certificates are requested? If the current AR and a CAR share the same CA, the chain from the mobile's trusted CA to the ARs' CA should have been validated already in a previous request. Hence, subsequent cert requests do not necessarily require a Trusted Anchor to be sent with the MN-AR CARD Request, right? Here, the flag could serve for the same purpose in the MN-AR CARD Request. Furthermore, do we have to distinguish between a requested certificate of a CAR or a requested cert of a mobile's current AR? Well, I think the current mechanism uses the L2-ID for that. If the L2-ID belongs to an Access Point associated with the current AR, the cert of the current AR will be sent back, otherwise the cert of the CAR will be sent in the reply. Shouldn't we de-couple a cert request from the L2-ID sub-option? What do you think? marco James Kempf wrote: >The issue is that draft 07 requires use of the Trusted Anchor sub-option >between access routers for an AR to request its CAR to send certificates. >Typically an AR would be interested in obtaining certificate chains for all >trusted anchors possessed by the CAR, and since there is no logical >bandwidth limitation on the inter-router interface, there is no reason to >limit the number of certificates transmitted. > >The suggested resolution is to include a flag in the CARD Request header for >the AR to indicate that it wants all the certificate chains. > > jak > > > >_______________________________________________ >Seamoby mailing list >Seamoby@ietf.org >https://www1.ietf.org/mailman/listinfo/seamoby > > _______________________________________________ Seamoby mailing list Seamoby@ietf.org https://www1.ietf.org/mailman/listinfo/seamoby
- [Seamoby] issue-#48: Use of trusted-anchor sub-op… James Kempf
- Re: [Seamoby] issue-#48: Use of trusted-anchor su… Marco Liebsch
- Re: [Seamoby] issue-#48: Use of trusted-anchor su… James Kempf