IETF 66 PANA WG Meeting ----------------------- Chair: Alper Yegin Minutes Taker: Julien Bournelle, Hannes Tschofenig MT: Mark Townsley AY: Alper Yegin YO: Yoshihiro Ohba LM: Lionel Morand JA: Jari Arkko SD: Subir Das GZ: Glen Zorn R.?: Robert ??? RM: Roberta Maglione 1. Agenda - 2 hours ------------------- No comments on the agenda 2. WG Document Status ---------------------- Presented by Alper Yegin - IETF Last Call pana-pana pana-fwk - pana-ipsec. Do we need to review it or not? MT: Will that doc change based on the reorganization? AY: After this discussion, it may change. MT: Ok we'll see it. 3. PANA FWK Status ------------------- Presented by Alper Yegin Slides: http://www3.ietf.org/proceedings/06jul/slides/pana-0.ppt last call completed + IETF ML * fwk-06 WiFi interaction Lots of clarifications Informational RFC preferred "associated" instead of "bound" IKEv1 is a MUST and IKEv2 is optional * Considerations - PAA-EP separation - PAA to EP protocol ? This is a gap to be filled but orthogonal to the base spec. - concern about SNMP for config. ? Deployments are not forced to use SNMP - case were the Link - Layer is already secured - pana-ipsec Details will be removed from the FWK document. We will keep it as a separate document. - L2 security Will remove the details from FWK document - Simplify the FWK doc. will remove lof of stuff: section 6,7,8,9 - Independent documents for WiFi and DSL networks are planned. - IEEE feedback IEEE feedback indicates that the uncontrolled port does not allow PANA. Conclusion: plan is to simplify the document MT: what about the separation of discovery AY: wait for yoshi's presentation about PANA spec. 4. PANA Spec update and issues ----------------------------- Presented by Yoshi Slides: http://www3.ietf.org/proceedings/06jul/slides/pana-1.ppt * Progress review done PAA discovery ------------- Yoshi proposes to keep the discovery in the spec. Mark thinks that it should be removed from the document. Jari suggests to only have DHCP. Additional methods can be defined in the future, if needed. Julien asks how it would work if there is no discovery specified. Mark: DHCP is described in a separate document. Jari: Does the base spec point to the dhcp spec. Julien: Yes. Jari: It could. But not needed. Mark: I don't see a problem with moving the DHCP document forward. If you can decide for a simple discovery mechanism then it would be a nice step forward. If you cannot make this decision then you might want to treat the aspect separately. Subir: You could decide to only support one discovery method. Mark: Is DHCP a good mechanism? You can still decide if you need additional mechanisms later. It is simple and practical. I don't see a problem with the document. Referencing DHCP from the base spec would be good. Lionel: I don't think we close the door for other discovery mechanisms. Comparison with SIP was given. Glen: I agree with DHCP as a discovery proposal. Julien: Should we then remove the PANA discovery message? Yoshi: No. It can use unicast. Jari: Make sure that the text focuses on unicast. Mark suggests to remove the discovery messages. He got the impression that would be a real simplification. No decision on this aspect was made. Remove NAP and ISP ------------------ Yoshi: Suggestion to remove it. Retransmission Timer ------------------- Conflict in the algorithm. Keep the DHCPv6 retransmission timer algorithm and delete TCP retransmission timer algorithm reference Minor issues (slide 8) 5. PANA-ipsec ------------- Presented by Yoshi instead of Mohan * SECDIR comments Ran Caneti and Lakshminath Hannes: If we remove the discovery messages as Mark suggested then Mohan needs to reflect this in the document as well. MT: if we remove things from other documents, we also need to take this into account for ipsec. 6. pana-snmp: ------------- Quick presentation by Yoshi minor updates: just one change, it is related to EP-PAA notification to notify the PaC presence ? JB: EP-PAA notification considered as a Discovery mechanism ? YO: i think we can keep it. 7. DHCP discovery mechanism --------------------------- presented by Lionel Morand Lionel briefly tasks about the draft updates and the discussions. Mark: Are there references from the PANA work to the DHCP document? Lionel: Currently, there aren't. Mark: Are there references from the DHCP document to the PANA document? Linonel: Yes, there is an informative reference. There is a discussion where the DHCP document is going to be. We had a similar with the MIP6 working group, says Alper. Will be decided after talking to the DHC chairs. 8/ PANA for Broadband Access ---------------------------- presented by Roberta Maglione Slides: http://www3.ietf.org/proceedings/06jul/slides/pana-2.ppt Roberta goes through her slides. She starts with a discussion about DSL access authentication scenarios. Richard Price: The entire access network is available to attacks. There is no real difference between the approaches. Lionel: For the flat rate scenario you don't need authentication. Roberta: Yes, you need. Lionel: I think that the requirement is to apply different charging policies based on the different services. Subir: What additional things do you need todo in PANA? Roberta: You have to add a few attributes regarding time stamps. Subir: He does not believe it. You are assuming that the start of the session is the start of the PANA successful authentication session. Roberta: I need the time when the accounting policy changes. Subir: Are you required to reauthenticate it when you run a new service? Mark: Is the flat rate session a PANA authenticated session? Roberta: Yes. Lionel: I guess you need to write a "PANA usage for DSL environment" document. Richard Price: You can use a number of solutions to accomplish the same goal. Alper: People interested in this scenario should get together. 9. PANA for the Mobile IPv6 Integrated case ------------------------------------------- Presented by Julien Bournelle Slides: http://www3.ietf.org/proceedings/06jul/slides/pana-3.ppt Does the group wants this? Subir: We already have the DHCP solution? Alper: DHCP would be one mechanism to use MIP6 bootstrapping. Mark: Why does someone wants to avoid using DHCP? Julien: It is an optimization. Lionel: Since we have DHCP for the discovery then there is sense in avoiding DHCP. Yoshi: We can avoid roundtrips. If we allow this solution then we should allow carrying many other DHCP options in PANA as well. Subir: What in terms of messaging can you really save? I don't think you can save a lot of messaging. Julien: There is another advantage. The home address could be encrypted. Subir: The PaC might have a security relationship with the PAA but not with the PaC. That could be another advantage. 10. Next steps -------------- Revise documents. Submit them to IESG. Mark: It is great that you guys are willing to make the changes.