[Pana] Re: Sam's IESG comments

To: Alper Yegin <alper.yegin at yegin.org>
Subject: [Pana] Re: Sam's IESG comments
From: Mark Townsley <townsley at cisco.com>
Date: Mon, 25 Jun 2007 19:07:32 +0200
Authentication-results: sj-dkim-2; header.From=townsley@cisco.com; dkim=pass ( sig from cisco.com/sjdkim2002 verified; );
Cc: 'Jari Arkko' <jari.arkko at piuha.net>, 'Sam Hartman' <hartmans-ietf at mit.edu>, pana at ietf.org
Dkim-signature: v=0.5; a=rsa-sha256; q=dns/txt; l=2560; t=1182807328; x=1183671328; c=relaxed/simple; s=sjdkim2002; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=townsley@cisco.com; z=From:=20Mark=20Townsley=20<townsley@cisco.com> |Subject:=20Re=3A=20Sam's=20IESG=20comments |Sender:=20; bh=QfDowEFO+hSt/RdMp/xtAW27LAEthuj768FcST8WqMA=; b=0Bqqsr6P131wUuwNICv3KQEPTjCqMmjeCQJBjrjjZBX7UGEKKA1N8/B4TJAAPvj6IjQDJhiz PFqOBHMhrn1NXz2gpAmT83CVCjTRZYnq2QQYC9jmNaFsxBaqLnhSsgft;
In-reply-to: <0MKp8S-1I2SWu0w2E-0002tb@mrelay.perfora.net>
List-help: <mailto:pana-request@ietf.org?subject=help>
List-id: Protocol for carrying Authentication for Network Access <pana.ietf.org>
List-post: <mailto:pana@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/pana>, <mailto:pana-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/pana>, <mailto:pana-request@ietf.org?subject=unsubscribe>
References: <0MKp8S-1I2SWu0w2E-0002tb@mrelay.perfora.net>
User-agent: Thunderbird 1.5.0.12 (Macintosh/20070509)

Alper Yegin wrote:

The framework document says that sometimes a PAC is expected to
reconfigure its address after PANA.  The PANA protocol has no
normative discussion of this.  In order to get interoperable
implementations, you need to clearly indicate when address
configuration is required.  Perhaps you are deferring this to future
documents.  If so, then the framework should indicate that unless a
PAC implements a protocol extension that mandates address
reconfiguration and that protocol extension is used, then the PAC need
not do address configuration.  Or, if address reconfig is supported in
the base protocol, you need to have normative language describing it.

-> We had thought about it and even designed an AVP to tell PaC what
mechanism to use for re-configuration. Version 12 of the spec included not
only an indication that the PaC shall reconfigure a new IP address but also
the name of the mechanism to use (DHCPv4, DHCPv6, stateless addr. autconf,
IKEv2, etc.).

-> Then we realized we were stepping outside the scope of the access authentication, and we decided to remove it. We decided that anything with IP address configuration is outside the scope.

-> Would you suggest we re-introduce what we had but only with a one-bit info that says "PaC shall configure a new IP address" (without enumerating any specific address config mechanisms)?

Sam, the notification of an IP address change in the PANA protocol itself was among the items that we removed in order to reduce PANA's complexity. If the IP address changes for some reason, whether it is configured via DHCP, SA, IKE, IPCP, or manually, PANA would need to react like any other protocol that would be affected (e.g., TCP) by this. I believe we discussed that ending the current session and restarting PANA would be a perfectly reasonable thing to do, but not certain that this made it into the text.

You suggest that PANA try and indicate when address configuration is required. Trying to enumerate this is due to the number of environments PANA wishes to applicable in and the number of ways an address may be configured sends the author and the reader out into the weeds rather quickly. Rather, I believe in the base framework and protocol spec it is sufficient to say that the IP address may change, and if it does PANA needs to know this and may need to restart. Specific "PANA with Foo" specifications may make this recommendation more precise if need be.

- Mark

_______________________________________________
Pana mailing list
Pana at ietf.org
https://www1.ietf.org/mailman/listinfo/pana

Follow-Ups:
- [Pana] RE: Sam's IESG comments
  - From: Alper Yegin
- RE: [Pana] Re: Sam's IESG comments
  - From: MORAND Lionel RD-CORE-ISS

References:
- [Pana] Sam's IESG comments
  - From: Alper Yegin

Prev by Date: Re: [Pana] IESG Review of protocol and framework documents
Next by Date: RE: [Pana] Re: Sam's IESG comments
Previous by thread: Algorithm negotiation [was Re: [Pana] Sam's IESG comments]
Next by thread: RE: [Pana] Re: Sam's IESG comments
Index(es):
- Date
- Thread

[Pana] Re: Sam's IESG comments

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.