RE: [Pana] AD review resolutions

Backtracking the details of the issue:

------------8<----------

> >    It is possible that both the PAA and the PaC initiate the handshake
> >    procedure at the same time, i.e., the PAA sends a PANA-Start-Request
> >    message while the PaC sends a PANA-Client-Initiation message.  To
> >    resolve the race condition, the PAA SHOULD silently discard the
> >    PANA-Client-Initiation message received from the PaC after it has
> >    sent a PANA-Start-Request message.
> >
> What do you use to identify that the messages came from a "known" PAA 
> or PaC? Source IP address? Something in the PANA payload? EAP payload? 
> You need to be specific.

It's the IP address and port number of the peer. We shall state that.

-------------->8------------

So, apparently we were talking about the PCI and PSR crossing each other.
And the question boils down to "How can the PAA know that the PCI was sent
from the same PaC that PAA sent an unsolicited PSR to?" 

For that case, we cannot rely on Session-ID, as the PCI does not have one. 

We have to rely on the IP address. Now that I'm thinking, UDP port does not
help either, as the source port of PCI is an ephemeral port, whereas the
destination port of the PSR is the PANA port. 

...

Aside from identifying the source of the PCI, PAA can always rely on the
PANA Session-ID to identify the PaC. And PaC can rely on the PANA Session-ID
and the PAA IP address to identify the PAA. The asymmetry between the two
end points is due to the fact that the session-ID is assigned by the PAA. In
case PaC is talking to two different PAAs (e.g., on two different
interfaces), coincidentally both PAAs could have assigned the same
Session-ID and therefore the PAA IP address is also needed for positive
identification. 

Alper

> -----Original Message-----
> From: Mark Townsley [mailto:townsley at cisco.com]
> Sent: Wednesday, March 07, 2007 6:13 PM
> To: Yoshihiro Ohba
> Cc: Alper Yegin; pana at ietf.org
> Subject: Re: [Pana] AD review resolutions
> 
> Yoshihiro Ohba wrote:
> > On Tue, Mar 06, 2007 at 03:20:13PM +0200, Alper Yegin wrote:
> > (snip)
> >
> >> [6] How do the peers identify each other?
> >>
> >> Resolution: By looking at the IP address and port number. Make sure to
> >> document that.
> >>
> >
> > I thought the comment was only for PCI.  For other messages,
> > Session-Id and IP address of PAA would be sufficient to identify the
> > peers of the session, otherwise, PANA-Update with changing PaC's IP
> > address would not work.
> >
> I believe Alper indicated that the session ID alone could be used.
> 
> There is, of course, an assumption here that the destination IP address
> has to be one that will cause the packet to arrive on the PAA. The
> subtlety is whether or not the PANA code is supposed to use the IP
> address as part of its session context lookup. I think not, but the text
> above makes me wonder if we agree.
> 
> - Mark
> > Yoshihiro Ohba
> >
> >


_______________________________________________
Pana mailing list
Pana at ietf.org
https://www1.ietf.org/mailman/listinfo/pana
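
The lookup rules discussed in this message, as an added example that is not part of the original thread or of any PANA implementation: the PAA matches a crossing PCI by source IP address only and finds established sessions by Session-ID alone, while the PaC keys its sessions on the PAA IP address plus Session-ID. All class, method and field names are hypothetical, and the addresses, Session-ID strings and interface names are constructed sample values.

```python
# Added illustration; class, method and field names are hypothetical.
from dataclasses import dataclass, field

@dataclass
class PAA:
    sessions: dict = field(default_factory=dict)   # Session-ID -> PaC IP on record
    psr_sent: set = field(default_factory=set)     # PaC IPs with a PSR outstanding

    def send_unsolicited_psr(self, pac_ip):
        self.psr_sent.add(pac_ip)

    def on_pci(self, src_ip, src_port):
        # PCI has no Session-ID, and src_port is ephemeral (the PSR went to
        # the PANA port), so only the source IP address can be compared.
        if src_ip in self.psr_sent:
            return "discard"       # PCI crossed our PSR: drop it silently
        self.psr_sent.add(src_ip)
        return "send-psr"

    def open_session(self, session_id, pac_ip):
        self.psr_sent.discard(pac_ip)
        self.sessions[session_id] = pac_ip

    def find_session(self, session_id, src_ip):
        # Session-ID is assigned by this PAA, so it is the whole key;
        # src_ip is deliberately not part of the lookup.
        return session_id if session_id in self.sessions else None

@dataclass
class PaC:
    sessions: dict = field(default_factory=dict)   # (PAA IP, Session-ID) -> interface

    def open_session(self, paa_ip, session_id, iface):
        self.sessions[(paa_ip, session_id)] = iface

    def find_session(self, paa_ip, session_id):
        # Two PAAs may pick the same Session-ID, so the PAA IP is part of the key.
        return self.sessions.get((paa_ip, session_id))

def demo():
    # Constructed sample values (documentation address ranges).
    paa = PAA()
    paa.send_unsolicited_psr("192.0.2.10")
    crossed = paa.on_pci("192.0.2.10", 49152)      # same PaC, different port
    fresh = paa.on_pci("192.0.2.11", 49153)        # PaC with no PSR outstanding
    paa.open_session("sid-1", "192.0.2.10")
    moved = paa.find_session("sid-1", "192.0.2.99")  # PaC address changed
    pac = PaC()
    pac.open_session("198.51.100.1", "sid-1", "eth0")
    pac.open_session("198.51.100.2", "sid-1", "wlan0")  # same ID, other PAA
    return crossed, fresh, moved, pac.find_session("198.51.100.2", "sid-1")
```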



