Re: [Dime] DiME ERP - Getting the message flows right

Hi again,

After trying to capture the new mechanism (based on a new application
id) in a document, I have encountered an issue and I am not sure what
the proper way to solve it is.

When the local ER server (aka HOKEY server in the visited domain) needs
to retrieve the rDSRK material (i.e. it was not bootstrapped already),
this material cannot be provided directly by the Home ER server,
because of the key hierarchy:

EMSK (in Home EAP server)
|
+- rRK (in Home ERP server)
|
+- DSRK (in Home EAP server or a local server)
   |
   +- rDSRK (in local ERP server)

There are two ways to get this material:
- through the home ERP server (in this case the home ER server receives
visited-domain-specific keying material, which may not be good)
- directly with an exchange between the local ERP server and the home EAP server.

This second option would be shown as follows (exchange (c)):

>   Diameter EAP +-------------+   Diameter EAP   +-------------+
>                |             |                  |             |
>  <------------>| Local       |<---------------->| Home        |
>                | Diameter    |                  | Diameter    |
>                | EAP Proxy   |                  | EAP Server  |
>                |             |            ----->|             |
>                +-------------+           /      +-------------+
>                       ^                 /              ^
>                    (a)| proprietary   (c)  proprietary |(b)
>                       v               /                v
>                +-------------+ <-----/          +-------------+
>   Diameter ERP |             |                  |             |
>                | Local       |    Diameter ERP  |  Home       |
>  <------------>| Diameter    |<---------------->|  Diameter   |
>                | ERP Server  |                  |  ERP Server |
>                |             |                  |             |
>                +-------------+                  +-------------+
>   

Note that the exchange (b) is needed anyway for the case when the peer
is in its home domain.


Does anybody have some comments on this?

Thank you,
Sebastien.


-- 
Sebastien Decugis
Research fellow
Network Architecture Group
NICT (nict.go.jp)
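
The key hierarchy the message argues from, as an added worked example that is not part of the original post or of the DiME draft it discusses. The derivations follow RFC 5295 (KDF = PRF+ over HMAC-SHA-256, DSRK label "dsrk@ietf.org" with the domain name as optional data) and RFC 5296 (rRK/rDSRK label "EAP Re-authentication Root Key@ietf.org"); the three server classes, the "exchange (b)" and "exchange (c)" method names, the 64-octet key length and the sample EMSK are constructed here for illustration and are not the draft's message format. The point it demonstrates is the one the post makes: a home ERP server that holds only the rRK sits on a sibling branch and cannot produce the DSRK a visited-domain ERP server needs, so that key has to come from the party holding the EMSK.

```python
"""Model of the ERP / DSRK key hierarchy: EMSK -> {rRK, DSRK}, DSRK -> rDSRK.

Example code written for this page, not code from the DiME draft or from
the post's author.  KDF and labels per RFC 5295 / RFC 5296 as read by the
editor; server roles, exchange names and the sample EMSK are constructed.
"""
import hashlib
import hmac
import os

KEY_LEN = 64  # octets; EMSK, DSRK, rRK and rDSRK are all 64 octets in this example

# Key labels: RFC 5295 section 3.2 (DSRK) and RFC 5296 section 4.1 (rRK / rDSRK).
DSRK_LABEL = b"dsrk@ietf.org"
RRK_LABEL = b"EAP Re-authentication Root Key@ietf.org"


def prf_plus(key: bytes, seed: bytes, length: int) -> bytes:
    """RFC 5295 PRF+: T1 = PRF(K, S|0x01), Tn = PRF(K, T(n-1)|S|n); default PRF is HMAC-SHA-256."""
    out, prev, n = b"", b"", 1
    while len(out) < length:
        prev = hmac.new(key, prev + seed + bytes([n]), hashlib.sha256).digest()
        out += prev
        n += 1
    return out[:length]


def kdf(key: bytes, label: bytes, optional_data: bytes, length: int) -> bytes:
    """KDF(K, label | "\\0" | optional data | length); length is a 2-octet big-endian field."""
    return prf_plus(key, label + b"\x00" + optional_data + length.to_bytes(2, "big"), length)


def derive_dsrk(emsk: bytes, domain: bytes) -> bytes:
    """DSRK for a visited domain. Input is the EMSK, so only its holder can derive it.
    (Assumption: the domain name is carried in the optional-data field, per RFC 5295.)"""
    return kdf(emsk, DSRK_LABEL, domain, KEY_LEN)


def derive_rrk(root: bytes) -> bytes:
    """rRK from the EMSK, or rDSRK from a DSRK: same label, no optional data (RFC 5296)."""
    return kdf(root, RRK_LABEL, b"", KEY_LEN)


class HomeEapServer:
    """Holds the EMSK: the only party that can mint keys on either branch of the hierarchy."""

    def __init__(self, emsk: bytes) -> None:
        self._emsk = emsk

    def exchange_b_rrk(self) -> bytes:
        """Exchange (b): hand the rRK to the home ERP server; the EMSK itself never leaves."""
        return derive_rrk(self._emsk)

    def exchange_c_dsrk(self, domain: bytes) -> bytes:
        """Exchange (c): a local ERP server asks directly for its domain's DSRK."""
        return derive_dsrk(self._emsk, domain)


class HomeErpServer:
    """Holds only the rRK, which is a sibling of the DSRK, not its parent."""

    def __init__(self, rrk: bytes) -> None:
        self.rrk = rrk

    def attempt_dsrk(self, domain: bytes) -> bytes:
        """Best effort from the rRK: yields a key, but not the DSRK the EMSK holder would derive."""
        return derive_dsrk(self.rrk, domain)


class LocalErpServer:
    """Visited-domain ER server: bootstraps its rDSRK from a DSRK obtained via exchange (c)."""

    def __init__(self, domain: bytes) -> None:
        self.domain = domain
        self.rdsrk = None

    def bootstrap(self, home_eap: HomeEapServer) -> bytes:
        if self.rdsrk is None:  # only contact the home domain when not bootstrapped already
            self.rdsrk = derive_rrk(home_eap.exchange_c_dsrk(self.domain))
        return self.rdsrk


def run_example(emsk: bytes = None, domain: bytes = b"visited.example") -> dict:
    """Walk the hierarchy once and report which parties end up holding matching keys."""
    emsk = emsk if emsk is not None else os.urandom(KEY_LEN)  # constructed sample EMSK
    home_eap = HomeEapServer(emsk)
    home_erp = HomeErpServer(home_eap.exchange_b_rrk())
    local_erp = LocalErpServer(domain)
    rdsrk = local_erp.bootstrap(home_eap)
    return {
        "home_erp_rrk_matches": home_erp.rrk == derive_rrk(emsk),
        "home_erp_can_derive_dsrk": home_erp.attempt_dsrk(domain) == derive_dsrk(emsk, domain),
        "local_rdsrk_matches": rdsrk == derive_rrk(derive_dsrk(emsk, domain)),
    }


if __name__ == "__main__":
    print(run_example())
```

The first option in the post (routing through the home ERP server) corresponds to the home EAP server answering exchange (b) with the DSRK as well, which is exactly the visited-domain material the post would rather keep away from that server; in this model nothing the home ERP server can compute from the rRK alone reproduces the DSRK branch.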


Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.