Re: [Dime] Comments on section 3 of new version draft-ietf-dime-erp-01
Hi, again :)
> [Qin]: Since DSRK is calculated based on the Domain name, given home domain name
> in the home domain I am wondering whether we can derive home domain specific DSRK
> based on the home domain name?
>
It would seem quite logical, but the RFC5295/5296 currently specify a
different mechanism for the home domain (rRK)... So no, currently we
cannot do that unfortunately.
> [Qin]: Okay, I agree with your explanation. However I have two follow-up comments as follows:
> 1. The home EAP server that uses ERP is the home ER server or not?
>
Can you define the "home ER server" in the context of your question? We
don't use this in the document, I think this terminology is too vague,
sorry...
> 2. Who actually authorizes the use of ERP, home EAP server or home ER server?
>
The home EAP server when it derives the DSRK from the EMSK, and provides
it to a foreign ER server.
> [Qin]: I agree, without this assumption, it seems ERP exchange and EAP
> Re-authentication operations on the peer, authenticator and server will
> be complicated.
> I wonder what you think of the case where the home realm contains several
> EAP servers described in the "open issues" section? Isn't it the same thing?
>
Unfortunately, the architecture for EAP is already defined, so we cannot
change it, and it has different assumptions (which are justified because
each EAP server may support a different set of EAP methods). So, we have
to deal with it, as described in the open issues...
BR
Sebastien.
--
Sebastien Decugis
Research fellow
Network Architecture Group
NICT (nict.go.jp)