RE: IETF Last Call on Walled Garden Standard for the Internet
"Narayanan, Vidya" <vidyan@qualcomm.com> Mon, 17 March 2008 22:55 UTC
Return-Path: <ietf-bounces@ietf.org>
X-Original-To: ietfarch-ietf-archive@core3.amsl.com
Delivered-To: ietfarch-ietf-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 3B2E528C426; Mon, 17 Mar 2008 15:55:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -100.707
X-Spam-Level:
X-Spam-Status: No, score=-100.707 tagged_above=-999 required=5 tests=[AWL=-0.270, BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_MISMATCH_ORG=0.611, RDNS_NONE=0.1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FKtk9o7MyLK1; Mon, 17 Mar 2008 15:55:53 -0700 (PDT)
Received: from core3.amsl.com (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 322C528C232; Mon, 17 Mar 2008 15:55:53 -0700 (PDT)
X-Original-To: ietf@core3.amsl.com
Delivered-To: ietf@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 650BC28C232 for <ietf@core3.amsl.com>; Mon, 17 Mar 2008 15:55:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YjeYd2kN8agx for <ietf@core3.amsl.com>; Mon, 17 Mar 2008 15:55:50 -0700 (PDT)
Received: from wolverine02.qualcomm.com (wolverine02.qualcomm.com [199.106.114.251]) by core3.amsl.com (Postfix) with ESMTP id 5AB1C28C1F6 for <ietf@ietf.org>; Mon, 17 Mar 2008 15:55:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=qualcomm.com; i=vidyan@qualcomm.com; q=dns/txt; s=qcdkim; t=1205794414; x=1237330414; h=x-mimeole:content-class:mime-version:content-type: content-transfer-encoding:subject:date:message-id: in-reply-to:x-ms-has-attach:x-ms-tnef-correlator: thread-topic:thread-index:references:from:to:cc: x-originalarrivaltime:x-ironport-av; z=X-MimeOLE:=20Produced=20By=20Microsoft=20Exchange=20V6.5 |Content-class:=20urn:content-classes:message |MIME-Version:=201.0|Content-Type:=20text/plain=3B=0D=0A =09charset=3D"us-ascii"|Content-Transfer-Encoding:=20quot ed-printable|Subject:=20RE:=20IETF=20Last=20Call=20on=20W alled=20Garden=20Standard=20for=20the=20Internet|Date:=20 Mon,=2017=20Mar=202008=2015:53:33=20-0700|Message-ID:=20< C24CB51D5AA800449982D9BCB90325130142DA68@NAEX13.na.qualco mm.com>|In-Reply-To:=20<47DD9C35.9010805@gmail.com> |X-MS-Has-Attach:=20|X-MS-TNEF-Correlator:=20 |Thread-Topic:=20IETF=20Last=20Call=20on=20Walled=20Garde n=20Standard=20for=20the=20Internet|Thread-Index:=20AciHs 3/UbBuzVObXS2CxAufxkJ0gXgAyTJpQ|References:=20<Pine.LNX.4 .64.0803131624010.2965@internaut.com>=09<1696498986EFEC4D 9153717DA325CB721C416F@vaebe104.NOE.Nokia.com><47DA95AD.5 020709@qualcomm.com>=20<47DD9C35.9010805@gmail.com>|From: =20"Narayanan,=20Vidya"=20<vidyan@qualcomm.com>|To:=20<ie tf@ietf.org>|Cc:=20<aboba@internaut.com> |X-OriginalArrivalTime:=2017=20Mar=202008=2022:53:32.0466 =20(UTC)=20FILETIME=3D[B9841920:01C88881]|X-IronPort-AV: =20E=3DMcAfee=3Bi=3D"5200,2160,5253"=3B=20a=3D"1148944"; bh=luFdi4aZ069kXOJ21Z/QqUOzpNIJg+TN7KXlU+6yDr8=; b=aRs2tnL4KBm98lN21h5vPX9oKf/8fkYTW9tdzdbTsxH5gsppTOhSIxf+ Ys/P3aTgElYzwdIHDT3/cCotl7y1CwcBKB4KbYTQ5JJNS8M1023mxjK0F tZd0Zd7mKFEizOW+5qqTHITVMXmnK69G0SF9rxDOA5sZSOzGiiGgCl0Ck w=;
X-IronPort-AV: E=McAfee;i="5200,2160,5253"; a="1148944"
Received: from pdmz-ns-mip.qualcomm.com (HELO numenor.qualcomm.com) ([199.106.114.10]) by wolverine02.qualcomm.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 17 Mar 2008 15:53:33 -0700
Received: from msgtransport02.qualcomm.com (msgtransport02.qualcomm.com [129.46.61.151]) by numenor.qualcomm.com (8.14.2/8.14.2/1.0) with ESMTP id m2HMrXe6002302 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL); Mon, 17 Mar 2008 15:53:33 -0700
Received: from SANEXCAS03.na.qualcomm.com (sanexcas03.qualcomm.com [172.30.32.65]) by msgtransport02.qualcomm.com (8.14.2/8.14.2/1.0) with ESMTP id m2HMrW6s031902; Mon, 17 Mar 2008 15:53:32 -0700
Received: from NAEX13.na.qualcomm.com ([129.46.51.249]) by SANEXCAS03.na.qualcomm.com with Microsoft SMTPSVC(6.0.3790.3959); Mon, 17 Mar 2008 15:53:32 -0700
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Subject: RE: IETF Last Call on Walled Garden Standard for the Internet
Date: Mon, 17 Mar 2008 15:53:33 -0700
Message-ID: <C24CB51D5AA800449982D9BCB90325130142DA68@NAEX13.na.qualcomm.com>
In-Reply-To: <47DD9C35.9010805@gmail.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: IETF Last Call on Walled Garden Standard for the Internet
Thread-Index: AciHs3/UbBuzVObXS2CxAufxkJ0gXgAyTJpQ
References: <Pine.LNX.4.64.0803131624010.2965@internaut.com> <1696498986EFEC4D9153717DA325CB721C416F@vaebe104.NOE.Nokia.com><47DA95AD.5020709@qualcomm.com> <47DD9C35.9010805@gmail.com>
From: "Narayanan, Vidya" <vidyan@qualcomm.com>
To: ietf@ietf.org
X-OriginalArrivalTime: 17 Mar 2008 22:53:32.0466 (UTC) FILETIME=[B9841920:01C88881]
Cc: aboba@internaut.com
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: ietf-bounces@ietf.org
Errors-To: ietf-bounces@ietf.org
As much fun as I've had in catching up with this thread, I'd like to remind all of us that we, at the IETF, do not dictate the way systems get built in the real world. There are SDOs that have gone ahead and defined their own hierarchies out of the MSK and EMSK for various usages at higher layers. And, I use the term "usage" here, since "application" seems unclear in terms of layering - for the purposes of this document, "application" refers to anything that may be able to use EAP keying material and not literally Layer 7. Having said that, I find it interesting that some people here find it okay for Mobile IP to use EAP keying material, but not other applications. I have to deduce that this is because the term "applications" to many of us reminds us of real applications, rather than applications of the keying material. I don't see why the argument that using EAP-based keying material for applications would hinder them running over non-EAP capable interfaces would not apply to Mobile IP. Mobile IP is as much decoupled from a specific interface as any application is - so, does that mean it is okay to not be able to provide mobility across non-EAP capable interfaces using Mobile IP? That would certainly defeat the purpose of the protocol! Not to say that Mobile IP is THE solution to mobility, but let's save that discussion for another day. All said and done, here is what it boils down to - any application of EAP keying material to other services (using the term here to include things ranging from handoffs to mobility to L7 applications) is only feasible when those services are provided either by or through the provider handling network access. It is also only feasible when those services are only running over EAP-capable interfaces (well, without horrible abominations, anyway). So, if a network access provider requiring EAP is rolling out applications, I don't see a good reason why the application cannot use keys coming out of the EMSK. Our role at the IETF should be in defining the applicability of using such key material such that readers understand that this does not work when the application provider is independent of the network access provider or when the application runs over interfaces that do not do EAP. And, I believe our role ends there. Jari wrote "Tighten up the language in the hokey spec to not allow application keying, and we're done" and I don't believe we are. We can do that and just sit back and watch non-compliant key hierarchies propping up everywhere (and worry about interoperating with those when we write our next spec) or do the responsible thing, which would be to clearly define the applicability, along with providing an interoperable means of defining the key hierarchy for those usages that want to/can use it. Vidya _______________________________________________ IETF mailing list IETF@ietf.org https://www.ietf.org/mailman/listinfo/ietf
- Re: IETF Last Call on Walled Garden Standard for … Bernard Aboba
- Re: IETF Last Call on Walled Garden Standard for … Fred Baker
- Re: IETF Last Call on Walled Garden Standard for … Jari Arkko
- Re: IETF Last Call on Walled Garden Standard for … Bernard Aboba
- Re: IETF Last Call on Walled Garden Standard for … Hallam-Baker, Phillip
- RE: IETF Last Call on Walled Garden Standard for … Avi Lior
- RE: IETF Last Call on Walled Garden Standard for … Avi Lior
- EAP applicability (Was: Re: IETF Last Call on Wal… Jari Arkko
- RE: EAP applicability (Was: Re: IETF Last Call on… Avi Lior
- Re: EAP applicability (Was: Re: IETF Last Call on… Lakshminath Dondeti
- RE: IETF Last Call on Walled Garden Standard for … Pasi.Eronen
- Re: EAP applicability (Was: Re: IETF Last Call on… Theodore Tso
- Re: EAP applicability (Was: Re: IETF Last Call on… Jari Arkko
- Re: IETF Last Call on Walled Garden Standard for … Lakshminath Dondeti
- Re: IETF Last Call on Walled Garden Standard for … Brian E Carpenter
- Re: EAP applicability (Was: Re: IETF Last Call on… Dan Harkins
- RE: IETF Last Call on Walled Garden Standard for … Narayanan, Vidya
- Re: EAP applicability (Was: Re: IETF Last Call on… Bernard Aboba
- Re: IETF Last Call on Walled Garden Standard for … Harald Tveit Alvestrand
- Re: IETF Last Call on Walled Garden Standard for … Lakshminath Dondeti
- RE: IETF Last Call on Walled Garden Standard for … Narayanan, Vidya
- RE: IETF Last Call on Walled Garden Standard for … Avi Lior
- RE: IETF Last Call on Walled Garden Standard for … Avi Lior
- RE: IETF Last Call on Walled Garden Standard for … Avi Lior
- RE: IETF Last Call on Walled Garden Standard for … Dan Harkins
- Re: IETF Last Call on Walled Garden Standard for … Yoshihiro Ohba
- EMSK key hierarchy and the DSRK Dan Harkins
- Re: EMSK key hierarchy and the DSRK Lakshminath Dondeti
- Re: EMSK key hierarchy and the DSRK Dan Harkins
- RE: EAP applicability (Was: Re: IETF Last Call on… Avi Lior
- RE: EAP applicability (Was: Re: IETF Last Call on… Dan Harkins
- RE: EAP applicability (Was: Re: IETF Last Call on… Avi Lior
- Re: [HOKEY] EMSK key hierarchy and the DSRK Yoshihiro Ohba
- RE: IETF Last Call on Walled Garden Standard for … Pasi.Eronen
- Re: IETF Last Call on Walled Garden Standard for … Yoshihiro Ohba
- RE: IETF Last Call on Walled Garden Standard for … Pasi.Eronen
- RE: IETF Last Call on Walled Garden Standard for … Avi Lior