Re: [Dime] Comments on abstract and section 1 of new version draft-ietf-dime-erp-01

Hello Qin,

Thank you for the detailed review. Please find my comments inline. Sorry
for my late answer.


> Abstract
> [Qin]: ERP authenticator and ERP server seem to be new terminologies. I am
> wondering whether we need to define these terminologies in the document?
> Actually, as described in RFC5296, ER Server relevant to ERP server has
> already been defined. Is it necessary to define the same thing?
You are right, we must use consistent terminology with RFC5296. I will
change "ERP server" to "ER server" and replace "EAP/ERP authenticator"
with "Compatible authenticator". Do you agree with these changes?


> [Qin]: I agree implicit bootstrapping is not Re-authentication. However,
> I am wondering whether explicit bootstrapping can still be viewed as
> Re-authentication?
> So whether dividing ERP into two steps will cause a little confusion?
Explicit bootstrapping is a kind of special case: the re-authentication
happens between peer and home ER server, and also carries the key
material for the local ER server. Therefore it is a "step 2" for the
home server and "step 1" for the local server. In any case, the home
server must already be bootstrapped -- or collocated with the EAP
server, as we currently assume, and derive the key when it is needed.
But from a process point of view, I believe these two separate steps
still apply to any ERP exchange -- only the timing may be different with
some scenarios. Does this clarify the text?


Sebastien.

-- 
Sebastien Decugis
Research fellow
Network Architecture Group
NICT (nict.go.jp)


Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.