Re: [Dime] DiME ERP - Getting the message flows right
Hmmm. Interesting.
From your description I would go for a direct exchange between local ERP
server and home EAP server.
>-----Original Message-----
>From: dime-bounces at ietf.org [mailto:dime-bounces at ietf.org] On
>Behalf Of ext Sebastien Decugis
>Sent: 17 March, 2009 08:28
>To: Hannes Tschofenig
>Cc: dime at ietf.org; hokey at ietf.org
>Subject: Re: [Dime] DiME ERP - Getting the message flows right
>
>Hi again,
>
>After trying to capture the new mechanism (based on a new application
>id) in a document, I have encountered an issue and I am not
>sure what the proper way to solve it is.
>
>When the local ER server (aka HOKEY server in the visited
>domain) needs to retrieve the rDSRK material (i.e. it was not
>bootstrapped already), this material cannot be provided
>directly by the Home ER server, because of the key hierarchy:
>
>EMSK (in Home EAP server)
>|
>+- rRK (in Home ERP server)
>|
>+- DSRK (in Home EAP server or a local server)
>   |
>   +- rDSRK (in local ERP server)
>
>There are two ways to get this material:
>- through the home ERP server (in this case the home ER server
>receives visited domain specific keying material, which may
>not be good)
>- directly with an exchange between local ERP server and home
>EAP server.
>
>This second option would be shown as follows (exchange (c)):
>
>>  Diameter EAP +-------------+   Diameter EAP   +-------------+
>>               |             |                  |             |
>> <------------>|    Local    |<---------------->|    Home     |
>>               |  Diameter   |                  |  Diameter   |
>>               |  EAP Proxy  |                  | EAP Server  |
>>               |             |            ----->|             |
>>               +-------------+          /       +-------------+
>>                      ^                /               ^
>>                   (a)| proprietary  (c) proprietary   |(b)
>>                      v              /                 v
>>               +-------------+  <-----/         +-------------+
>>  Diameter ERP |             |                  |             |
>>               |    Local    |   Diameter ERP   |    Home     |
>> <------------>|  Diameter   |<---------------->|  Diameter   |
>>               |  ERP Server |                  |  ERP Server |
>>               |             |                  |             |
>>               +-------------+                  +-------------+
>>
>
>Note that the exchange (b) is needed anyway for the case when
>the peer is in its home domain.
>
>
>Does anybody have some comments on this?
>
>Thank you,
>Sebastien.
>
>
>--
>Sebastien Decugis
>Research fellow
>Network Architecture Group
>NICT (nict.go.jp)
>
>_______________________________________________
>DiME mailing list
>DiME at ietf.org
>https://www.ietf.org/mailman/listinfo/dime
>
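To make the key hierarchy discussed in the message above concrete, the following is an added worked example (not code from this thread, from the DiME drafts, or from NICT). It implements the RFC 5295 default KDF (PRF+ over HMAC-SHA-256), derives rRK and DSRK from a constructed EMSK, derives rDSRK from the DSRK, and then shows which server in the figure can actually produce the rDSRK from the keys it holds. Assumptions: the rRK label is the one RFC 5296 registers; the DSRK key label is a placeholder string, not the registered one; key lengths are 64 octets; the EMSK and the visited-domain name are constructed sample values.

```python
"""Added example: RFC 5295/5296 style key hierarchy (EMSK -> rRK, DSRK -> rDSRK)
and which server can compute the rDSRK. Not the DiME authors' code."""
import hashlib
import hmac
import struct


def prf_plus(key: bytes, s: bytes, length: int) -> bytes:
    """RFC 5295 default KDF: IKEv2-style PRF+ with HMAC-SHA-256.
    T1 = PRF(K, S | 0x01); Tn = PRF(K, T(n-1) | S | n); output = T1 | T2 | ..."""
    out, t, n = b"", b"", 1
    while len(out) < length:
        t = hmac.new(key, t + s + bytes([n]), hashlib.sha256).digest()
        out += t
        n += 1
    return out[:length]


def kdf(key: bytes, label: bytes, optional_data: bytes, length: int) -> bytes:
    """KDF(K, key label | "\\0" | optional data | length), length as 2 octets (network order)."""
    s = label + b"\x00" + optional_data + struct.pack("!H", length)
    return prf_plus(key, s, length)


# rRK label registered by RFC 5296; applied to a DSRK instead of the EMSK it yields the rDSRK.
RRK_LABEL = b"EAP Re-authentication Root Key@ietf.org"
# Placeholder (assumption): the registered DSRK label is defined in RFC 5295, not reproduced here.
DSRK_LABEL = b"dsrk-label-placeholder"
KEY_LEN = 64  # octets


def derive_rrk(emsk: bytes) -> bytes:
    """rRK lives in the home ERP server; it is a sibling of the DSRK, not its parent."""
    return kdf(emsk, RRK_LABEL, b"", KEY_LEN)


def derive_dsrk(emsk: bytes, domain: bytes) -> bytes:
    """DSRK is bound to the visited domain via the optional-data field."""
    return kdf(emsk, DSRK_LABEL, domain, KEY_LEN)


def derive_rdsrk(dsrk: bytes) -> bytes:
    """rDSRK lives in the local ERP server and is derived only from the DSRK."""
    return kdf(dsrk, RRK_LABEL, b"", KEY_LEN)


def key_holders(emsk: bytes, visited_domain: bytes) -> dict:
    """Map each server in the thread's figure to the keys it ends up holding."""
    dsrk = derive_dsrk(emsk, visited_domain)
    return {
        "home EAP server": {"EMSK": emsk, "DSRK": dsrk},
        "home ERP server": {"rRK": derive_rrk(emsk)},
        "local ERP server": {"rDSRK": derive_rdsrk(dsrk)},
    }


def compute_rdsrk(held: dict, visited_domain: bytes):
    """What a server can compute from the keys it holds: the rDSRK if it has the
    DSRK (or the EMSK the DSRK comes from), otherwise None. A server holding only
    the rRK is on the wrong branch of the hierarchy and cannot supply it."""
    if "DSRK" in held:
        return derive_rdsrk(held["DSRK"])
    if "EMSK" in held:
        return derive_rdsrk(derive_dsrk(held["EMSK"], visited_domain))
    return None


if __name__ == "__main__":
    emsk = bytes(range(64))  # constructed sample EMSK
    domain = b"visited.example"  # constructed sample visited domain
    holders = key_holders(emsk, domain)
    for name, keys in holders.items():
        result = compute_rdsrk(keys, domain)
        print(f"{name:17s} holds {sorted(keys)}; can supply rDSRK: {result is not None}")
```

Running the script shows that only the home EAP server (or a local server that was bootstrapped with the DSRK) can produce the rDSRK, while the home ERP server, holding only the rRK, cannot; that is the structural reason the message gives for preferring exchange (c) over routing through the home ERP server.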
Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.