Re: PPAC needed? (was RE: [Pana] Other suggestions for pana-pana)

To: Yoshihiro Ohba <yohba at tari.toshiba.com>
Subject: Re: PPAC needed? (was RE: [Pana] Other suggestions for pana-pana)
From: Mark Townsley <townsley at cisco.com>
Date: Sun, 08 Oct 2006 10:43:10 +0200
Authentication-results: rtp-dkim-1.cisco.com; header.From=townsley@cisco.com; dkim=pass ( sig from cisco.com verified; );
Cc: 'Mohan Parthasarathy' <mohanp at sbcglobal.net>, pana at ietf.org
Dkim-signature: a=rsa-sha1; q=dns; l=2173; t=1160296992; x=1161160992; c=relaxed/simple; s=rtpdkim1001; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=townsley@cisco.com; z=From:Mark=20Townsley=20<townsley@cisco.com> |Subject:Re=3A=20PPAC=20needed?=20(was=20RE=3A=20[Pana]=20Other=20suggestions=20f or=20pana-pana) |To:Yoshihiro=20Ohba=20<yohba@tari.toshiba.com>; X=v=3Dcisco.com=3B=20h=3DutPhkxxx38ISv2PMh8oqW4cjSV0=3D; b=bnKVDIRyc+ZeRYuBmg3sAXjIitQTIzXSO30EbPmsq+5GGwvlMv38TcKx6N00dvN6CL8K231z A/rvbieYVab8QS00NLBzuModTuU9EoO88Oc+FhqC1uo8ZunwWpgpIIIX;
In-reply-to: <20061008034042.GB17806@steelhead>
List-help: <mailto:pana-request@ietf.org?subject=help>
List-id: Protocol for carrying Authentication for Network Access <pana.ietf.org>
List-post: <mailto:pana@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/pana>, <mailto:pana-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/pana>, <mailto:pana-request@ietf.org?subject=unsubscribe>
References: <20061006205921.63284.qmail@web80608.mail.yahoo.com> <0MKp2t-1GWKH92UQ0-0000mX@mrelay.perfora.net> <20061008034042.GB17806@steelhead>
User-agent: Thunderbird 1.5.0.7 (Macintosh/20060909)

Yoshihiro Ohba wrote:
> Alper,
>
> I think Mohan is proposing that the access network that uses PANA is
> expected to be designed such that PaC does not require to change its
> IP address used for PANA communication before and after PANA
>   
That would be dramatically simpler.
> authentication (PaC may acquire additional IP addresses after
> successful PANA authentication, though).
>   
Couldn't the PAA signal DHCP to terminate the lease and offer a new IP
address in this case? Why can't the PaC be passive here?

- Mark
> Yoshihiro Ohba
>
>
> On Sun, Oct 08, 2006 at 01:04:03AM +0300, Alper Yegin wrote:
>   
>>> If the initial address (PRPA) is not a link-local address, then you can
>>> use it both before and after PANA. Either it is a private address that
>>> gets NATed or a public address. If the underlying
>>> protection (e.g. IPsec) needs another address, it may have to get another
>>> address which PANA does not have to worry about it i guess.
>>> Missing something ?
>>>       
>> You only talked about the IPsec case.
>>
>> But for example in DSL case, the PaC cannot know whether the PRPA is good
>> for post-PANA data communication or not. Unless the PRPA is a link-local
>> address, the PaC cannot tell one way or the other. And there is no IKE/IPsec
>> in that case.
>>
>> Alper
>>
>>
>>
>>
>>     
>>> -mohan
>>>
>>>
>>> ----- Original Message ----
>>> From: Alper Yegin <alper.yegin at yegin.org>
>>> To: Mohan Parthasarathy <mohanp at sbcglobal.net>; Yoshihiro Ohba
>>> <yohba at tari.toshiba.com>; Mark Townsley <townsley at cisco.com>
>>> Cc: pana at ietf.org
>>> Sent: Friday, October 6, 2006 1:19:37 PM
>>> Subject: RE: PPAC needed? (was RE: [Pana] Other suggestions for pana-pana)
>>>
>>> Mohan,
>>>
>>>       
>>>> So,
>>>> we can
>>>> potentially make it by restricting what sort of an address it obtains
>>>> before running
>>>> PANA so that it does not require a new one after (it can be outside the
>>>> PANA spec)
>>>>         
>>> I'm not sure I understand this proposal. Can you please elaborate?
>>>
>>> Thanks.
>>>
>>> Alper
>>>
>>>
>>>
>>>
>>>       
>>
>>     
>
>   

_______________________________________________
Pana mailing list
Pana at ietf.org
https://www1.ietf.org/mailman/listinfo/pana

Follow-Ups:
- RE: PPAC needed? (was RE: [Pana] Other suggestions for pana-pana)
  - From: Alper Yegin

References:
- Re: PPAC needed? (was RE: [Pana] Other suggestions for pana-pana)
  - From: Mohan Parthasarathy
- RE: PPAC needed? (was RE: [Pana] Other suggestions for pana-pana)
  - From: Alper Yegin
- Re: PPAC needed? (was RE: [Pana] Other suggestions for pana-pana)
  - From: Yoshihiro Ohba

Prev by Date: Re: Global Session-id (was RE: [Pana] Other suggestions for pana-pana)
Next by Date: RE: PPAC needed? (was RE: [Pana] Other suggestions for pana-pana)
Previous by thread: Re: PPAC needed? (was RE: [Pana] Other suggestions for pana-pana)
Next by thread: RE: PPAC needed? (was RE: [Pana] Other suggestions for pana-pana)
Index(es):
- Date
- Thread

Re: PPAC needed? (was RE: [Pana] Other suggestions for pana-pana)

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.