[09:00:37] --- jimsch1 has joined
[09:00:46] --- rjaksa has joined
[09:01:01] --- hartmans has joined
[09:03:55] --- mrichardson has joined
[09:04:03] <mrichardson> are there any documents for this BOF?
[09:04:10] <mrichardson> proposed charter?
[09:04:12] <mrichardson> statement of problem?
[09:04:32] --- sftcd has joined
[09:05:37] --- mrichardson has left
[09:05:46] --- kivinen has joined
[09:07:15] --- washad has joined
[09:07:25] <washad> there are many drafts
[09:08:20] --- bonninjm@jabber.org has joined
[09:08:20] --- woj has joined
[09:08:47] --- mrichardson has joined
[09:09:16] <mrichardson> can pointers to them be posted here, since there wasn't a linked-to BOF blurb in the agenda.
[09:09:46] --- jimsch1 has left
[09:10:15] --- HannesTschofenig has joined
[09:10:45] <HannesTschofenig> Can someone tell me what is happening?
[09:11:37] <woj> this new approach to the BoF is not very good. If anyone is in the room, could you please ask the chair to post/upload the docs?
[09:12:51] --- ja has joined
[09:12:52] --- miaofy has joined
[09:14:20] <rjaksa>
    1. Agenda Bashing          5 min    All
    2. Process explanation    10 min    Bellovin
    3. EAP-EXT                20 min    Dondeti
    4. Pre-authentication     20 min    Ohba
    5. Handover keying        20 min    Nakhjiri
    6. Directed questioning   80 min    Open
[09:15:34] <washad> draft-ohba-hokeyp-preauth-ps-00
[09:20:13] <rjaksa> currently discussing http://www.ietf.org/internet-drafts/draft-dondeti-eapext-ps-00.txt
[09:20:19] --- fparent@jabber.org has joined
[09:20:43] --- richard.barnes has joined
[09:23:54] --- Melinda has joined
[09:25:40] <richard.barnes> Is there a scribe for this session?
[09:30:59] --- patchvonbraun has joined
[09:31:38] * mrichardson will scribe a small amount.
[09:31:44] <mrichardson> "What is pre-authentication"
[09:31:57] <rjaksa> now discussing http://www.ietf.org/internet-drafts/draft-ohba-hokeyp-preauth-ps-00.txt
[09:31:57] --- aboba has joined
[09:32:08] <mrichardson> unfortunately, I don't really get where we are going here.
[09:32:38] <mrichardson> pre-authentication moves the network access to before the L2-handoff.
[09:34:08] --- ldondeti has joined
[09:35:33] <mrichardson> okay, I think I get it... the mobile node does EAP with new network before leaving old network.
[09:36:16] <mrichardson> "Basic pre-auth AAA requirements"
[09:36:34] <mrichardson> -- AAA needs to know that this is a pre-authentication not normal authentication due to
[09:36:51] <mrichardson> --- single login, not allowed preauth, something about timeout.
[09:37:05] <mrichardson> --- AAA needs to know how long to hold session before timing out.
[09:37:15] <aboba> Distinction between Session-Timeout and Preauth-Timeout attributes in AAA.
[09:37:17] <mrichardson> s/---/--/
[09:38:03] <hartmans> Hmm, I thought this was the level of detail Steve explicitly said we'd not be getting to.
[09:38:32] <mrichardson> I guess the MN has some way to know which network it is moving to, I guess, it can already hear the new network?
[09:39:05] <hartmans> Or they also talk about talking to the new network over l3 even though they cannot connect to it yet.
[09:39:06] <aboba> For effective Preauth, typically the MN needs to discover the target before it can hear it (overlap area may not be large enough to complete pre-auth).
[09:39:46] <aboba> This is handled by some sort of Neighbor Report (e.g. 802.11k, 802.21, etc.)
[09:41:01] <ldondeti> Here is the first presentation: http://www.employees.org/~ldondeti/IETF66EAPExtv2.ppt
[09:41:16] <ldondeti> Please let me know if it's (not) accessible
[09:42:56] <rjaksa> got it...
[09:43:19] <ldondeti> cool
[09:43:22] --- vidya has joined
[09:44:09] <rjaksa> not discussing http://www.ietf.org/internet-drafts/draft-nakhjiri-hokey-hierarchy-02.txt
[09:44:21] <rjaksa> now discussing...
[09:59:39] --- nico has joined
[10:00:42] --- mrichardson has left
[10:01:12] <nico> PDF please
[10:01:38] --- mrichardson has joined
[10:02:08] <mrichardson> ldondeti, please produce a PDF.
[10:02:58] --- mrichardson has left
[10:03:28] --- mrichardson has joined
[10:03:45] <ldondeti> http://www.employees.org/~ldondeti/IETF66EAPExtv2.pdf
[10:03:49] <nico> so, pre-auth here means something very different from what it means in Kerberos, yes?
[10:03:54] <nico> thank you
[10:04:04] <ldondeti> np
[10:04:05] <rjaksa> some of these slides are available in http://www3.ietf.org/proceedings/06mar/slides/hoakey-1/sld1.htm
[10:06:19] --- richard.barnes has left
[10:08:07] <rjaksa> presentations are over... now for the brainstorming or whatever...
[10:09:06] --- mrichardson has left
[10:09:26] <nico> ah, the last paragraph of draft-ohba-hokeyp-preauth-ps-00.txt defines the term "pre-authentication" in this context
[10:09:35] <aboba> The interrogation begins.
[10:09:47] <rjaksa> slides are available at http://www.cs.columbia.edu/~smb/hoakey/
[10:11:23] <rjaksa> the 3 presenters are sitting stage right; the interrogator is stage left
[10:11:57] <hartmans> Do we have people listening via audio?
[10:12:25] <nico> so, the long and the short of it is: use an already established peer<->authenticator session and EMSK when the peer talks EAP to a new authenticator for handover, so that we're not really authenticating anything other than that the peer was already authenticated at the other point, that also being sufficient for authorization
[10:12:34] <nico> I might like audio
[10:12:41] <nico> where's the feed?
[10:12:48] <rjaksa> the court reporter is working on getting his notebook to display
[10:13:10] <woj> I'm on audio, but it would be better if presenters spoke into the mike
[10:13:52] <aboba> Fiddling with the video setup, assorted mumbling....
[10:14:12] <rjaksa> mics will be used
[10:14:44] <rjaksa> emacs editor started... the inquiry will begin
[10:14:49] <aboba> Problem we are trying to solve:
[10:15:05] <nico> got audio, thanks
[10:20:24] <nico> hum
[10:20:26] <nico> for
[10:20:42] <nico> hum for
[10:29:19] <nico> does this need a WG? Or can it be fit into EMU?
[10:30:27] <vidya> by definition, it is method agnostic and I don't think it fits into EMU
[10:30:52] <nico> but it looks like a pseudo-mechanism
[10:31:10] <nico> i.e., it's a mechanism from the peer's and authenticator's p.o.v.
[10:31:56] <vidya> sure, but regardless of the EAP method run in the first exchange, the goal is to re-authenticate via proof of possession of key material from the full exchange
[10:32:10] <nico> yes, but it's a pseudo-mechanism
[10:32:52] <nico> how much work will it take to get these docs out? does it warrant a WG or can it fit in EMU?
[10:32:56] <hartmans> No, it's not.
[10:33:09] <nico> sam: there's framework behind it
[10:33:10] <hartmans> It's mostly outside of EAP. At least with some proposals.
[10:33:24] <nico> ok, I'd only looked at one doc
[10:36:18] <ldondeti> so perhaps what's getting lost here is that while 802.11r has a solution, it's not clear whether 802.16 is going to use that as is
[10:36:26] <ldondeti> same goes for other SDOs
[10:36:51] <ldondeti> like someone was saying earlier, the IETF may be the forum where we can do a solution that works for everything
[10:37:24] --- richard.barnes has joined
[10:37:29] <ldondeti> so in case of 11r within ESS the 11r solution can be used (if domino effect is not an issue) and EAP-ER might be used if a STA roams beyond an ESS
[10:38:33] --- richard.barnes has left
[10:39:29] --- richard.barnes has joined
[10:39:38] --- richard.barnes has left
[10:39:50] --- richard.barnes has joined
[10:41:48] --- sftcd has left
[10:48:40] --- woj has left
[10:49:16] <aboba> Pronoun police.
[10:50:19] * hartmans is concerned that this will not converge in 40 minutes
[10:50:55] <ldondeti> I don't think so either
[10:51:31] --- richard.barnes has left: Logged out
[10:53:22] --- jimsch1 has joined
[10:54:06] --- jimsch1 has left
[10:56:12] --- nov has joined
[11:01:25] --- Melinda has left
[11:04:40] <vidya> a lot of questions with no resolution and we seem to be moving from one to another and back with no clarity
[11:07:26] --- danwing has joined
[11:07:36] --- HannesTschofenig has left
[11:09:09] --- stefans has joined
[11:10:01] --- nico has left
[11:16:53] --- sftcd has joined
[11:18:38] --- miaofy has left
[11:21:42] --- washad has left
[11:23:11] --- miaofy has joined
[11:23:17] --- kivinen has left
[11:25:30] --- patchvonbraun has left
[11:28:54] --- bonninjm@jabber.org has left
[11:31:47] --- hartmans has left
[11:32:39] --- aboba has left
[11:33:00] --- sftcd has left
[11:33:29] --- nov has left
[11:33:46] --- rjaksa has left
[11:33:57] --- fparent@jabber.org has left: Logged out
[11:34:18] --- ja has left
[11:34:33] --- vidya has left
[11:34:40] --- ldondeti has left
[11:40:25] --- danwing has left: Replaced by new connection
[11:41:35] --- miaofy has left
[13:03:47] --- stefans has left
[19:18:10] --- aboba has joined
[19:18:20] --- aboba has left