Re: [Pana] status of wg documents
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Pana] status of wg documents
Hi Glen,
On 6/8/09 10:59 PM, "ext Glen Zorn" <gwz at net-zen.net> wrote:
> Basavaraj.Patil at nokia.com [mailto:Basavaraj.Patil at nokia.com] writes:
>
> ...
>
>> As I have said in an earlier email, I do not see IPsec essentially
>> being
>> used as a means to secure the access link (between the PaC and EP).
>> Either
>> the link technology itself has its own security mechanism or the client
>> simply uses IPsec VPNs if security is desired.
>
> Fair enough, though you leave out what is by far the most popular option (in
> the absence of a standard): none. However, I'm much more interested in the
> security of the PAA-EP link. RFC 5191 says that
>
> The protocol exchange between the PAA and EP for provisioning authorized
> PaC information on the EP must be protected for authentication, integrity,
> and replay protection.
We had a pretty lengthy discussion about this. The PAA/EP can be colocated
or could be separate. In the case where the PAA/EP are separate, the link
needs to be secured. The conclusion (in the WG) was that the security
mechanism between the PAA and EP is a choice of the deployment and hence
does not need to be specified.
>
> but I can't find anything in any document that says how to do this. What am
> I missing?
Does the above explanation help?
-Raj
>
> ...
>
>
Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.
