Diameter Maintenance and Extensions WG
======================================

MONDAY, November 9, 2009
0900-1130 Morning Session I
Room: Cattleya East

* Status Update (Hannes)

* Diameter NAT Control Application (Sri Gundavelli)
  http://www.ietf.org/id/draft-ietf-dime-nat-control-01.txt

  o Sri Gundavelli presenting on behalf of the authors: NAT Control Application
  o Input from the WG reflected in the -01
  o IPv6 support? (AFT Control, NAT66)?
  o None read -01 ;)
  o Volunteers to review the document: Jouni, Tom Taylor, Hannes, Glen Zorn

* Diameter ERP (Sébastien)
  http://www.ietf.org/id/draft-ietf-dime-erp-02.txt

  Issue #1: Handovers

  Glen: Auth in ERP has little to do with Diameter. There are means to inform the NAS if a change of authorization happens.
  Glen: Bad idea to couple ERP with mobility applications.
  Glen: Why should the home domain know about mobility in the visited domain?
  Tom: The home domain needs to know which business entity it is talking with, not really about the current point of attachment.
  Simon Mizikovsky: The security association is delegated to the local AAA; all mobility should be transparent to it. Accounting is provided by the accounting client, wherever it is.
  Glen: Each auth generates a new session id, so accounting must use the new session id. You also cannot assume the operator provides a homogeneous network.
  Simon: Example from WiMAX. Uses a long-time id to correlate accounting sessions across different authentication sessions.
  Dirk: WiMAX introduced just another id for this purpose.
  Hannes: Summary
    - home domain does not need to be aware
    - not to couple with mobility
    - ?

  Issue #2: Authorization

  Glen: ERP Diameter does not need to do synchronized authz. Diameter authz can be done in parallel; otherwise you lose most benefits of ERP.
  Simon: ...
  Hannes: Summary
    - decouple auth and authz, and run them separately

* Realm-Based Redirection In Diameter (Tom)
  http://www.ietf.org/id/draft-ietf-dime-realm-based-redirect-02.txt

  o All redirect usage is ALL_REALM
  o New application
  o 1 person read -02

  Victor: Have all recent comments been resolved?
  Tom: The latest was the application id.
  Hannes: Reviewers before WGLC: Sébastien, Jouni, Glen, Mark Jones, Victor

* The Diameter Capabilities Update Application (Glen)
  http://www.ietf.org/id/draft-ietf-dime-capablities-update-00.txt

  Glen: No progress since Stockholm.
  Hannes: What comments were received?
  Glen: Sébastien mentioned some security threats, but Glen thinks they are not. There is no problem bringing the connection down and up again to fix a possible security issue.
  Hannes: When is a new revision due?
  Glen: In the November timeframe.

  Goal: Determine what is needed to finish the document.

* Diameter User-Name and Realm Based Request Routing Clarifications (Jouni)
  http://tools.ietf.org/html/draft-ietf-dime-nai-routing-04

  Done.

  Goal: Close remaining open issues.

-- NEW / NON-WG DOCUMENTS

* Diameter Extended NAPTR (Jouni)
  http://tools.ietf.org/id/draft-jones-dime-extended-naptr-00.txt

  o Poll for WG item adoption: 7 for this work in DIME.
  o No one against.

* Diameter Priority AVPs (Ken)
  http://tools.ietf.org/id/draft-carlberg-dime-priority-avps-00.txt

  Tom to review.

* Diameter Parameter Query (Ray)
  http://tools.ietf.org/id/draft-winterbottom-dime-param-query-01.txt

  o Comes from emergency work.

  Tom: Reflects on the ERP issue of whether the AAA server needs to know about the exact point of attachment.
  Hannes: For legal interception things you need to know these in real time.
  Simon: It's useful, but in terms of emergency it might not work, as the session could be established from a terminal that has no identity.
  Hannes: We are going to talk about unauthenticated emergency services in EMU & ECRIT.
  Dan: Backs up Simon.

  Requirements needed from other WGs?
* Diameter Attribute-Value Pairs for Cryptographic Key Transport (Qin)
  http://tools.ietf.org/id/draft-wu-dime-local-keytran

  o Qin asking for WG interest? 3 like it (Glen, Simon, ..)

  Sébastien: Is it possible to not define a group but just distinct AVPs, so others could also use them directly?
  Glen: Does not see the point in that.
  Glen: The name does not need to be "EAP-Key"; it should be something more generic.

  No objections of any form.

  Glen: Proposes for WG acceptance.
  Hannes: To be confirmed on the mailing list.

* AAA Support for PMIP6 Mobility Entities Locating and Discovery during Localized Routing (Qin)
  http://tools.ietf.org/id/draft-wu-dime-pmip6-lr

  Simon: Inter-LMA: can LMAs be in different networks?
  Glen: As long as security associations are in place, LMAs/MAGs can talk with each other independent of which network they are located in.
  Simon: Which AAA is meant here, the AAA of the MN or the AAA of the CN?
  Glen: Someone in the AAA tree ;)
  Jouni: Feature-vector could be used for authorization.
  Glen: OK.
  Hannes: Asking for WG opinion.
  Jouni: For adopting the doc or working on it more?
  Glen: The doc does not need to be perfect for adoption to work on something.
  Dan: A certain level of maturity of the doc is needed.
  ... discussion on document adoption principles ...
  Hannes: Working on this problem space? 6 for, none object.

* draft-cakulev-ikev2-psk-diamter-00

  o Background on draft-ietf-dime-mip6-split, which now lacks PSK support.

  Solution:
    - new application
    - new AVPs
    - new command

  Target:
    - X.S0058 WiMAX-eHRPD interworking; core network aspects
    - X.S0047 Mobile IPv6 enhancements
    - WiMAX NGW Stage 3 interworking scenario

  Hannes: This was removed from -split earlier for some reasons.
  Jouni: It was requested by security folks in the IESG.
  Hannes: Let folks look at this?
  Simon: The procedures are already defined in SDO-specific documents, but it is intended to be used between access technologies, so that's why we want an IETF document describing it.
  Qin: This could also be used in the localized routing context.
  Simon: Current procedures are implemented based on RADIUS.
  Jouni: Should be checked with Jari Arkko and Pasi Eronen whether the new proposal is OK with them, as they had issues with -split PSK earlier.
  Glen: Likes the document.
  Hannes: Supporting: Dirk, Glen, Tom, Tina, Qin and of course Cakulev & Simon.
  Hannes: Reviewers?

* Other stuff

  o Hannes speaking of making a bis of Diameter Credit Control, RFC 4006. Some of the known bugs should be fixed.
  o RFC3588bis proto writeup coming.
  o Design guidelines reviews: Sébastien, Tom
  o QoS Attributes: still two DISCUSSes open; two other documents blocked by it (-split and -pmip).
  o MIBs:
    - base updated but not uploaded
    - credit control still to be updated