Re: [Dime] Session-ID in draft-sdecugis-dime-diameter-erp-01
Hi all,
ERP is executed after a full EAP authentication which uses one of the EAP methods. I don't think in that sense ERP is EAP method independent.
I think that Session-Id here refers to the EAP method generated Session-ID. RFC 5247 requires each EAP method to export a Session-ID. Most EAP methods have defined their way of generating Session-Ids.
Regards,
Behcet
----- Original Message ----
> From: Qin Wu <sunseawq at huawei.com>
> To: Sebastien Decugis <sdecugis at nict.go.jp>
> Cc: Behcet Sarikaya <sarikaya at ieee.org>; dime at ietf.org
> Sent: Tuesday, June 30, 2009 1:15:31 AM
> Subject: Re: [Dime] Session-ID in draft-sdecugis-dime-diameter-erp-01
>
> Hi, Sebastien:
>
> ----- Original Message -----
> From: "Sebastien Decugis"
> To: "Qin Wu"
> Cc: "Behcet Sarikaya" ;
> Sent: Tuesday, June 30, 2009 10:34 AM
> Subject: Re: [Dime] Session-ID in draft-sdecugis-dime-diameter-erp-01
>
>
> > Hi Qin,
> >
> >> I think Session-Id described in RFC5247 is applicable for EAP Session and
> >> used between EAP peer and EAP server. Mobile device can be one example of EAP
> >> peer. The Session-Id you mentioned is access authentication session and used
> >> between AAA client and AAA server. I wonder whether they are the same thing.
> >> What am I missing?
> >>
> > No, in my opinion these are two different concepts. For example, even
> > when EAP is not used, a Session-Id AVP is created in Diameter.
>
> [Qin]: I agree. In that sense, we need to define a generic Session-Id in ERP
> which is used between Diameter Client and Server, am I right?
>
> >> In my opinion, each EAP authentication has a unique session-Id in relation to
> >> the EAP method used, the Session-Id can be created by the EAP peer or EAP
> >> server. Am I right?
> >>
> > I was not aware that EAP methods also created a Session Id (or is it the
> > EMSK KeyName?). Anyway, AFAIK, usually Diameter Session-Id AVP are
> > created based on the User-Name, itself acquired from EAP Identity
> > Request/Response (in case of EAP authentication). This exchange is not
> > performed in the case of ERP (after a handover to a new NAS), so we
> > really need to define what the (Diameter) Session-Id AVP will be in this
> > case, and how it is created/retrieved. Session-Id AVP is mandatory in
> > most Diameter messages. That is what I tried to highlight in the draft.
> > I was not referring to the EAP Session Id, there.
> >
> > I hope this clarifies,
>
> [Qin]: Since ERP is a method-independent mechanism, in my opinion, we don't need to
> consider Session Id created by method, right?
> Session Id created by method consists of Nonce or Rand which are used to generate
> key materials, e.g., EMSK.
> Regarding Diameter Session-Id, I have no objection to adding it in ERP. However,
> I am not quite sure why we need to define such a Session-Id.
> One obvious reason that occurred to me is that it is used for accounting, am I right? Is there
> any other reason?
>
> > Best regards,
> > Sebastien.
> >
> > --
> > Sebastien Decugis
> > Research fellow
> > Network Architecture Group
> > NICT (nict.go.jp)
> >