Handover Keying (hokey) Working Group MINUTES  

Chairs  : Glen Zorn (gwz@net-zen.net)

          Tina Tsou (tena@huawei.com)

URL     : http://tools.ietf.org/wg/hokey/

Minutes : Version 1.0 (draft)

Meeting : IETF 77; Anaheim, California USA

=========================================================

Session 1

Date    : Wednesday, 24 March 2010

Time    : 10:300–11:30

Location: California D

=========================================================

Welcome & Administrivia (10 minutes)

• Bluesheets
• Jabber scribe: Tim Polk
• Minute Taker: Sebastien Decugis

Document Status (5 minutes, Chairs)

All of the previous WG documents have either been published as RFCs or are in the hands of the RFC Editor.  One of the purposes of this meeting is to begin to choose a new set of documents to work on from the set of candidates.

 

Proposed New WG Drafts (40 minutes)

Hokey Architecture (Tom Taylor)

I-D       :   https://datatracker.ietf.org/doc/draft-hoeper-hokey-arch-design

Charts    :   http://www.ietf.org/proceedings/10mar/slides/hokey-2.ppt

Discussion:  

Slide 3:

- The list points to existing work, not all items are new.

 

Glen: Problem with the word "authenticator". Use "Network access point" instead.

 

Slide 4:

- model 1: We need a new L3 protocol to carry EAP packets.

 

Glen: Can use PANA instead of something new.

(Lady, sorry I did not get the name): Can we re-use another protocol instead of a new one (from other SDO)?

      In inter-technology handovers, we already do pre-authentication, so there are existing solutions.

Qin: Not sure about the new protocol in model 2...

Lionel: We can re-use PANA if running over IP.

Glen: Make-before-break: irrelevant. Break-before-make: OK.

 

- Model 2: between serving & candidate autehtnicator: what proto ? Diameter ? PANA?

 

- Model 3: Diameter OK but new AVP to be defined inside

 

Slide 6:

- for direct model, discovery must be resolved.

 

Slide 7, 8:

- These options can be transparent to the peer, or not...

 

Slide 9:

 

Glen as chair: cannot predict the future... will they deploy more than 1? Unknown...

Tom: then we must implement everything everywhere for interoperability.

Glen: ok... it s not the time to make this decision

Tom: this document is a guideline

Glen: no, it just describes the requirements

(Sorry, minute taker got lost in exchange Tom / Glen)

Tom: there is a big difference between models 1 and (2, 3).

     If we support more than 1 model, we might limit interoperability.

Glen: this must be discussed on the list.

Lionel: Can the solution to be defined support more than 1 model in the same way?

         For example, model 1 is a fallback in case of another attempt failed?

Qin: answer to Glen: it is easy to use L2 or L3 protocol to distinguish between the models.

Tom: major concern: interoperability!

Glen: mistake between inter & intra domain... inter domain was historically out of scope.

      In intra domain, you don't have an interoperability problem.

      You can arrange for deployment to bear with interoperability.

      It does not relate to architecture.

Tina: these are different scenarios

Lionel: it will depend on the capabilities of the serving domain. You need at least one solution.

      The 3 models are guidelines from the architecture

     

Slide 10:

- Problem: how to give the key to ER server.

  5296: assumes it is on the path of original EAP auth.

 

Glen: There a problem in the diagram. The EAP entities do not speak AAA.

      There is a (transparent) transport that can be anything (incl. AAA)

Tom: it is the job of the WG to specify how they talk

Glen: no, we just need to say that the EAP entities talk.

Tom: OK, will remove AAA and output a recommendation on the transport protocols.

Sib: For Diameter ERP, we need to know the entities talking and the message flow.

Lionel: we can just put EAP frames on the diagram. For authentication, it is OK to speak about EAP only.

     in "real" access, we need more information.

Glen: this document should only specify what is needed to support HOKEY. No telling how to do it.

Qin: to sum up: Diameter is not mandatory, you can use others

Glen: confirmed.

 

Slide 16:

 

Glen: how many people read the draft?

~ 7, 8 arms raised.

 

Glen: who would commit to really comment on the document, in the next month?

~ 5, 6 people

 

Glen: OK good, wait for comments, then we will discuss on the ML if we want to adopt in current shape.

 

Lionel: why it is not a WG document yet?

 

Glen: the work is in the charter, but the second bullet on the slide is not yet answered.

 

Tim: yes, we need to know it is going in the good direction before it becomes the WG document.

 

Glen: as chair, no problem with the document.

=========================================================

Session 2

Date    : Thursday, 25 March 2010

Time    : 15:10–16:10

Location: Huntington

=========================================================

Welcome & Administrivia (10 minutes)

• Jabber scribe: Tim Polk
• Minute Takers: Dorothy Stanley

 

Proposed New WG Drafts (45 minutes)

• EAP Re-authentication Protocol Extensions for Authenticated Anticipatory Keying (Zhen Cao, 15 minutes)

Internet-Draft: http://tools.ietf.org/html/draft-wang-hokey-erp-aak

Charts: http://www.ietf.org/proceedings/10mar/slides/hokey-3.ppt

Discussion:

• ERP is specified in RFC5296
• Protocol overview, see slides
• Review Packet and TLV extensions: Extend the EAP-Initiate message to indicate early authentication.
• Question on protocol overview slide, step 5. Why is the second line needed? May be additional steps.

• Shall we accept this as a WG work item?
• Chair asked for a hum re: is this a reasonable work item? Low hum. Objections? No objections. Confirm the decision to adopt this work item and document on the mailing list.
• Inter-domain handover vs. intra-domain. ERP cannot be used for inter-domain handover, only intra-domain handover. Work on inter-domain handover will require re-chartering.

§  The Local Domain Name DHCP Option (Qin Wu, 15 minutes)

Internet-Draft: http://tools.ietf.org/html/draft-wu-hokey-ldn-discovery

Charts:  http://www.ietf.org/proceedings/10mar/slides/hokey-1/hokey-1_files/frame.htm

Discussion:

• Local Domain Name Discovery has been discussed in IETF 75 & 76; the task was adopted as a WG item.
• Changes made to remove 2 scenarios for LDN allocations, added one new DHCP option.
• Review terminology – home domain, local domain, local domain name.
• Review Protocol operation for LDN discovery
• Chair asked for a hum of objections to adopting this document as the base version for the work item. No objection.
• How many people read the document? 3.
• Adopt, pending confirmation on the mailing list.

Wrap-Up (5 minutes, Chairs)