Re: [Dime] Comments on section 2 of new version draft-ietf-dime-erp-01
Hi, Sebastien:
----- Original Message -----
From: "Sebastien Decugis" <sdecugis at nict.go.jp>
Cc: <dime at ietf.org>
Sent: Friday, September 11, 2009 4:51 PM
Subject: Re: [Dime] Comments on section 2 of new version draft-ietf-dime-erp-01
> Hi again, comments inline...
>
>
>> We note in this document ERP/DER a Diameter-EAP-Request command with
>> the Application Id set to Diameter ERP application. On the same
>> model, we use ERP/DEA, EAP/DER and EAP/DEA.
>>
>> [Qin]: what does the same model mean? how about saying:
>> "
>> We note in this document ERP/DER *refer to* a Diameter-EAP-Request
>> Command with the
>> Application Id set to Diameter ERP application. *Similarly*, we use
>> ERP/DEA, EAP/DER
>> and EAP/DEA
>> "
> Agreed, my phrasing was quite bad :D I will change it to something
> better, such as what you are suggesting. Thank you for catching this.
>
>> [Qin] I am wondering how EAP/DER and ERP/DER can be used in the same
>> one roundtrip exchange
>> between the authenticator, ER server and home EAP server. In my
>> understanding, when to use ERP/DER
>> and when to use EAP/DER depends on the deployment scenario and
>> bootstrapping mode. e.g., in implicit
>> bootstrapping mode, we use EAP/DER, in explicit bootstrapping mode, we
>> use ERP/DER?
> This is explained in the explicit mechanism description later in the
> document... Basically the local ER server proxies the request and
> changes its application Id, so ERP/DER becomes EAP/DER.
[Qin]:
If only the local server supports ERP, I think it is necessary for local ER server to change
its application ID from ERP to EAP.
However, if the local server and home server both support ERP, I don't think
it is necessary for local ER server to change its application ID from ERP to EAP,
am I right?
>> another example when home EAP server does not support ERP
> In that case, the ER server cannot obtain the root key required for ERP
> function...
[Qin]: In the Implicit Bootstrapping, the local ER server can obtain the root key
from the home EAP server through local AAA agent or proxy. You can check
the following errata report in the hokey ML:
http://www.ietf.org/mail-archive/web/hokey/current/msg01662.html
In this scenario, the local ER can fetch root key from the local AAA agent or
the local AAA agent can manually install root key on the local ER, am I right?
>> and ER server support EAP, in this case,
>> EAP/DER and EAP/DEA can be used between ER server with EAP proxy
>> function support and home EAP server.
>> Am I right?
> I don't really understand what you are implying here, sorry. Can you
> clarify?
[Qin]: Sorry for your misunderstanding. I just want to figure out in which scenario EAP/DER
and EAP/DEA will be used?
In my understanding, if the home server does not support ERP, the local ER server collocated with
the local AAA agent, we can use EAP/DER and EAP/DEA, in this sense, we need to change application ID from
EAP to ERP, as you mentioned above.
> Sebastien.
>
> --
> Sebastien Decugis
> Research fellow
> Network Architecture Group
> NICT (nict.go.jp)
>