IETF Protocol for carrying Authentication for Network Access

Alper Yegin | 1 Jun 2011 10:32

Re: Explicit error indication

Yoshi,

I'm afraid my worries are coming true. I was worried that this would grow on
us. Now we are talking about supporting different classes of error cases.
Most probably we'd have to define bunch of error types. We'll try to be
complete there. And then there are also case handling (e.g., whether session
id is available, etc.). On top of that, defining general error messaging in
this "extension" draft is not the right thing. That better have a separate
base, if we decide to do such a work. One more thing: this impacts the PaC.
Relaying did not have any impact on the PaC until that.

On top of that, defining such error signaling is something we had debated
long time in the base spec development and had agreed to remove. And again
we had the same discussion in the context of PANA-relay, and then again
decided to remove. Both after long debates and coming to conscious
decisions. Such error messages are not useful for protocol operation, it is
only good for debugging. As far as I know, we don't do these kind of error
signaling in our IETF protocols. Silent discarding and optionally logging an
error is what we do.

I'm recapping Jari's email below. I'd like to go with his "I don't mind that
we skip specifying this functionality now.", and take care of his "At the
very least, we should
specify what happens if you end up receiving an already relayed message." as
follows:

	If the PRE is not configured with any PAA information, it SHALL
silently discard the 
	incoming PANA messages and it MAY log an error.

(Continue reading)

headers

Yoshihiro Ohba | 1 Jun 2011 12:10

Re: Explicit error indication

Alper,

If Jari is ok with your suggested text, there is no reason for me to
object it.

Regards,
Yoshihiro Ohba

(2011/06/01 17:32), Alper Yegin wrote:
> Yoshi,
> 
> I'm afraid my worries are coming true. I was worried that this would grow on
> us. Now we are talking about supporting different classes of error cases.
> Most probably we'd have to define bunch of error types. We'll try to be
> complete there. And then there are also case handling (e.g., whether session
> id is available, etc.). On top of that, defining general error messaging in
> this "extension" draft is not the right thing. That better have a separate
> base, if we decide to do such a work. One more thing: this impacts the PaC.
> Relaying did not have any impact on the PaC until that.
> 
> On top of that, defining such error signaling is something we had debated
> long time in the base spec development and had agreed to remove. And again
> we had the same discussion in the context of PANA-relay, and then again
> decided to remove. Both after long debates and coming to conscious
> decisions. Such error messages are not useful for protocol operation, it is
> only good for debugging. As far as I know, we don't do these kind of error
> signaling in our IETF protocols. Silent discarding and optionally logging an
> error is what we do.
> 
> I'm recapping Jari's email below. I'd like to go with his "I don't mind that

(Continue reading)

headers

Yoshihiro Ohba | 9 Jun 2011 05:46

Fwd: [IANA #454490] Last Call: <draft-ohba-pana-relay-03.txt> (Protocol for Carrying Authentication for Network Access (PANA) Relay Element) to Proposed Standard

We have received the following question from IANA.

Since the 'R' (Request) bit is not set for PANA-Relay, I think it
should be filled with "Ans" (not "Req").

BTW, I've found that PCI, for which the 'R' (Request) bit is not set,
is filled with "Req" in the IANA registry.  I think this should have
been filled with "Ans" as well.

Any opinions?

Yoshihiro Ohba

-------- Original Message --------
Subject: [IANA #454490] Last Call: <draft-ohba-pana-relay-03.txt>
(Protocol for Carrying Authentication for Network Access (PANA) Relay
Element) to Proposed Standard
Date: Wed, 08 Jun 2011 20:37:04 +0000
From: Amanda Baber via RT <drafts-lastcall <at> iana.org>
Reply-To: drafts-lastcall <at> iana.org
CC: paduffy <at> cisco.com, samitac2 <at> gmail.com,
robert.cragie <at> gridmerge.com, yoshihiro.ohba <at> toshiba.co.jp,
alper.yegin <at> yegin.org, iesg <at> ietf.org

IESG:

IANA has reviewed draft-ohba-pana-relay-03.txt and has the following
comments:

IANA has questions about the IANA Actions in this document.

(Continue reading)

headers

Alper Yegin | 10 Jun 2011 09:58

Re: Fwd: [IANA #454490] Last Call: <draft-ohba-pana-relay-03.txt> (Protocol for Carrying Authentication for Network Access (PANA) Relay Element) to Proposed Standard

I didn't understand why IANA assignment cares about the Req/Ans bit. Is it really needed for IANA assignments?

If we need to use it, one option is to put “not applicable for PCI and PRY”.

And if that’s not acceptable/practical, then I’d say marking both PCI and PRY with Req is OK. We could perceive them as requests that do not expect answers. They are one-way messages. This is more logical to me than to define an answer for which there is no outstanding request.

Alper

> -----Original Message-----

> From: pana-bounces <at> ietf.org [mailto:pana-bounces <at> ietf.org] On Behalf Of

> Yoshihiro Ohba

> Sent: Thursday, June 09, 2011 6:47 AM

> To: pana <at> ietf.org

> Subject: [Pana] Fwd: [IANA #454490] Last Call: <draft-ohba-pana-relay-

> 03.txt> (Protocol for Carrying Authentication for Network Access (PANA)

> Relay Element) to Proposed Standard

> We have received the following question from IANA.

> Since the 'R' (Request) bit is not set for PANA-Relay, I think it

> should be filled with "Ans" (not "Req").

> BTW, I've found that PCI, for which the 'R' (Request) bit is not set,

> is filled with "Req" in the IANA registry. I think this should have

> been filled with "Ans" as well.

> Any opinions?

> Yoshihiro Ohba

> -------- Original Message --------

> Subject: [IANA #454490] Last Call: <draft-ohba-pana-relay-03.txt>

> (Protocol for Carrying Authentication for Network Access (PANA) Relay

> Element) to Proposed Standard

> Date: Wed, 08 Jun 2011 20:37:04 +0000

> From: Amanda Baber via RT <drafts-lastcall <at> iana.org>

> Reply-To: drafts-lastcall <at> iana.org

> CC: paduffy <at> cisco.com, samitac2 <at> gmail.com,

> robert.cragie <at> gridmerge.com, yoshihiro.ohba <at> toshiba.co.jp,

> alper.yegin <at> yegin.org, iesg <at> ietf.org

> IESG:

> IANA has reviewed draft-ohba-pana-relay-03.txt and has the following

> comments:

> IANA has questions about the IANA Actions in this document.

> IANA understands that, upon approval of this document, there are two

> IANA Actions that must be completed.

> First, in the Message Types registry in the Protocol for Carrying

> Authentication for Network Access (PANA) Parameters registry located

> at:

> http://www.iana.org/assignments/pana-parameters/pana-parameters.xml

> a single, new message type will be added as follows:

> Value [ TBD ]

> Name: PANA-Relay

> IANA QUESTION --> How should the following field in the registry be

> filled in?

> Req/Ans: [ ??? ]

> Abbrev: PRY

> Reference: [ RFC-to-be ]

> IANA notes that the authors request the value "5" for the Value of this

> Message Type.

> Second, in the AVP Codes registry in the the Protocol for Carrying

> Authentication for Network Access (PANA) Parameters registry located

> at:

> http://www.iana.org/assignments/pana-parameters/pana-parameters.xml

> two new AVP Codes will be added as follows:

> Code: [tbd2]

> Attribute name: PaC-Information AVP

> Reference: [ RFC-to-be ]

> Code: [tbd3]

> Attribute name: Relayed-Message AVP

> Reference: [ RFC-to-be ]

> IANA notes that the authors have requested codes "10" and "11" for

> [tbd2] and [tbd3] respectively.

> IANA understands that these two actions are the only ones required upon

> approval of this document.

> Note: The actions requested in this document will not be completed

> until the document has been approved for publication as an RFC. This

> message is only to confirm what actions will be performed.

> Thanks,

> Amanda Baber

> IANA

> On Wed May 25 13:37:06 2011, noreply <at> ietf.org wrote:

> >

> > The IESG has received a request from an individual submitter to

> consider

> > the following document:

> > - 'Protocol for Carrying Authentication for Network Access (PANA)

> Relay

> > Element'

> > <draft-ohba-pana-relay-03.txt> as a Proposed Standard

> >

> > The IESG plans to make a decision in the next few weeks, and solicits

> > final comments on this action. Please send substantive comments to

> the

> > ietf <at> ietf.org mailing lists by 2011-06-22. Exceptionally, comments

> may be

> > sent to iesg <at> ietf.org instead. In either case, please retain the

> > beginning of the Subject line to allow automated sorting.

> >

> > Abstract

> >

> > This document specifies Protocol for carrying Authentication for

> > Network Access (PANA) Relay Element functionality which enables PANA

> > messaging between a PANA Client (PaC) and a PANA Authentication Agent

> > (PAA) where the two nodes cannot reach each other by means of regular

> > IP routing.

> >

> > The file can be obtained via

> > http://datatracker.ietf.org/doc/draft-ohba-pana-relay/

> >

> > IESG discussion can be tracked via

> > http://datatracker.ietf.org/doc/draft-ohba-pana-relay/

> >

> > No IPR declarations have been submitted directly on this I-D.

> >

> _______________________________________________

> Pana mailing list

> Pana <at> ietf.org

> https://www.ietf.org/mailman/listinfo/pana

_______________________________________________
Pana mailing list
Pana <at> ietf.org
https://www.ietf.org/mailman/listinfo/pana

headers

Yoshihiro Ohba | 11 Jun 2011 08:28

Re: Fwd: [IANA #454490] Last Call: <draft-ohba-pana-relay-03.txt> (Protocol for Carrying Authentication for Network Access (PANA) Relay Element) to Proposed Standard

Alper,

(2011/06/10 16:58), Alper Yegin wrote:
> I didn't understand why IANA assignment cares about the Req/Ans bit. 
> Is it really needed for IANA assignments?

I agree, Req/Ans distinction may not be needed for IANA assignments.

> 
> If we need to use it, one option is to put “not applicable for PCI and 
> PRY”.
> 
> And if that’s not acceptable/practical, then I’d say marking both PCI 
> and PRY with Req is OK. We could perceive them as requests that do not 
> expect answers. They are one-way messages. This is more logical to me 
> than to define an answer for which there is no outstanding request.
> 

I agree to respond with IANA that Req/Ans distinction is not
applicable for PCI and PRY, with a back up plan of marking both PCI
and PRY as Req.

Thanks,
Yoshihiro Ohba

> Alper
> 
>  > -----Original Message-----
> 
>  > From: pana-bounces <at> ietf.org [mailto:pana-bounces <at> ietf.org] On Behalf Of
> 
>  > Yoshihiro Ohba
> 
>  > Sent: Thursday, June 09, 2011 6:47 AM
> 
>  > To: pana <at> ietf.org
> 
>  > Subject: [Pana] Fwd: [IANA #454490] Last Call: <draft-ohba-pana-relay-
> 
>  > 03.txt> (Protocol for Carrying Authentication for Network Access (PANA)
> 
>  > Relay Element) to Proposed Standard
> 
>  >
> 
>  > We have received the following question from IANA.
> 
>  >
> 
>  > Since the 'R' (Request) bit is not set for PANA-Relay, I think it
> 
>  > should be filled with "Ans" (not "Req").
> 
>  >
> 
>  > BTW, I've found that PCI, for which the 'R' (Request) bit is not set,
> 
>  > is filled with "Req" in the IANA registry. I think this should have
> 
>  > been filled with "Ans" as well.
> 
>  >
> 
>  > Any opinions?
> 
>  >
> 
>  > Yoshihiro Ohba
> 
>  >
> 
>  > -------- Original Message --------
> 
>  > Subject: [IANA #454490] Last Call: <draft-ohba-pana-relay-03.txt>
> 
>  > (Protocol for Carrying Authentication for Network Access (PANA) Relay
> 
>  > Element) to Proposed Standard
> 
>  > Date: Wed, 08 Jun 2011 20:37:04 +0000
> 
>  > From: Amanda Baber via RT <drafts-lastcall <at> iana.org>
> 
>  > Reply-To: drafts-lastcall <at> iana.org
> 
>  > CC: paduffy <at> cisco.com, samitac2 <at> gmail.com,
> 
>  > robert.cragie <at> gridmerge.com, yoshihiro.ohba <at> toshiba.co.jp,
> 
>  > alper.yegin <at> yegin.org, iesg <at> ietf.org
> 
>  >
> 
>  > IESG:
> 
>  >
> 
>  > IANA has reviewed draft-ohba-pana-relay-03.txt and has the following
> 
>  > comments:
> 
>  >
> 
>  > IANA has questions about the IANA Actions in this document.
> 
>  >
> 
>  > IANA understands that, upon approval of this document, there are two
> 
>  > IANA Actions that must be completed.
> 
>  >
> 
>  > First, in the Message Types registry in the Protocol for Carrying
> 
>  > Authentication for Network Access (PANA) Parameters registry located
> 
>  > at:
> 
>  >
> 
>  > http://www.iana.org/assignments/pana-parameters/pana-parameters.xml
> 
>  >
> 
>  > a single, new message type will be added as follows:
> 
>  >
> 
>  > Value [ TBD ]
> 
>  > Name: PANA-Relay
> 
>  >
> 
>  > IANA QUESTION --> How should the following field in the registry be
> 
>  > filled in?
> 
>  > Req/Ans: [ ??? ]
> 
>  >
> 
>  > Abbrev: PRY
> 
>  > Reference: [ RFC-to-be ]
> 
>  >
> 
>  > IANA notes that the authors request the value "5" for the Value of this
> 
>  > Message Type.
> 
>  >
> 
>  > Second, in the AVP Codes registry in the the Protocol for Carrying
> 
>  > Authentication for Network Access (PANA) Parameters registry located
> 
>  > at:
> 
>  >
> 
>  > http://www.iana.org/assignments/pana-parameters/pana-parameters.xml
> 
>  >
> 
>  > two new AVP Codes will be added as follows:
> 
>  >
> 
>  > Code: [tbd2]
> 
>  > Attribute name: PaC-Information AVP
> 
>  > Reference: [ RFC-to-be ]
> 
>  >
> 
>  > Code: [tbd3]
> 
>  > Attribute name: Relayed-Message AVP
> 
>  > Reference: [ RFC-to-be ]
> 
>  >
> 
>  > IANA notes that the authors have requested codes "10" and "11" for
> 
>  > [tbd2] and [tbd3] respectively.
> 
>  >
> 
>  > IANA understands that these two actions are the only ones required upon
> 
>  > approval of this document.
> 
>  >
> 
>  > Note: The actions requested in this document will not be completed
> 
>  > until the document has been approved for publication as an RFC. This
> 
>  > message is only to confirm what actions will be performed.
> 
>  >
> 
>  > Thanks,
> 
>  >
> 
>  > Amanda Baber
> 
>  > IANA
> 
>  >
> 
>  > On Wed May 25 13:37:06 2011, noreply <at> ietf.org wrote:
> 
>  > >
> 
>  > > The IESG has received a request from an individual submitter to
> 
>  > consider
> 
>  > > the following document:
> 
>  > > - 'Protocol for Carrying Authentication for Network Access (PANA)
> 
>  > Relay
> 
>  > > Element'
> 
>  > > <draft-ohba-pana-relay-03.txt> as a Proposed Standard
> 
>  > >
> 
>  > > The IESG plans to make a decision in the next few weeks, and solicits
> 
>  > > final comments on this action. Please send substantive comments to
> 
>  > the
> 
>  > > ietf <at> ietf.org mailing lists by 2011-06-22. Exceptionally, comments
> 
>  > may be
> 
>  > > sent to iesg <at> ietf.org instead. In either case, please retain the
> 
>  > > beginning of the Subject line to allow automated sorting.
> 
>  > >
> 
>  > > Abstract
> 
>  > >
> 
>  > >
> 
>  > > This document specifies Protocol for carrying Authentication for
> 
>  > > Network Access (PANA) Relay Element functionality which enables PANA
> 
>  > > messaging between a PANA Client (PaC) and a PANA Authentication Agent
> 
>  > > (PAA) where the two nodes cannot reach each other by means of regular
> 
>  > > IP routing.
> 
>  > >
> 
>  > >
> 
>  > >
> 
>  > > The file can be obtained via
> 
>  > > http://datatracker.ietf.org/doc/draft-ohba-pana-relay/
> 
>  > >
> 
>  > > IESG discussion can be tracked via
> 
>  > > http://datatracker.ietf.org/doc/draft-ohba-pana-relay/
> 
>  > >
> 
>  > >
> 
>  > > No IPR declarations have been submitted directly on this I-D.
> 
>  > >
> 
>  > >
> 
>  >
> 
>  >
> 
>  >
> 
>  >
> 
>  > _______________________________________________
> 
>  > Pana mailing list
> 
>  > Pana <at> ietf.org
> 
>  > https://www.ietf.org/mailman/listinfo/pana
>

headers

Ralph Droms | 23 Jun 2011 17:09

Re: Fwd: [IANA #454490] Last Call: <draft-ohba-pana-relay-03.txt> (Protocol for Carrying Authentication for Network Access (PANA) Relay Element) to Proposed Standard

On Fri, Jun 10, 2011 at 3:58 AM, Alper Yegin <alper.yegin <at> yegin.org> wrote:

I didn't understand why IANA assignment cares about the Req/Ans bit. Is it really needed for IANA assignments?

The Req/Ans column is needed to differentiate some of the messages, e.g., PAR and PAN, which have different abbreviations but share the same message code.

If we need to use it, one option is to put “not applicable for PCI and PRY”.

Reading RFC 5191 and the registry, I suggest that the Message Types registry needs to be clarified a little, so that the column currently labeled Req/Ans is tied directly to the 'R' Message Flag in the Message Flags registry. Giving the exact value for the 'R' flag in that column seems more direct. Perhaps rename "Req/Ans" to "R Message Flag", with values in the column of '1', '0' or 'N/A' (the latter for PCI and PRE messages; although PCI is a little tricky as its ABNF is defined without "REQ" and I don't know if that ABNF implies the R Message Flag MUST be 0 or if it's a "don't care").

- Ralph

And if that’s not acceptable/practical, then I’d say marking both PCI and PRY with Req is OK. We could perceive them as requests that do not expect answers. They are one-way messages. This is more logical to me than to define an answer for which there is no outstanding request.

Alper

> -----Original Message-----

> From: pana-bounces <at> ietf.org [mailto:pana-bounces <at> ietf.org] On Behalf Of

> Yoshihiro Ohba

> Sent: Thursday, June 09, 2011 6:47 AM

> To: pana <at> ietf.org

> Subject: [Pana] Fwd: [IANA #454490] Last Call: <draft-ohba-pana-relay-

> 03.txt> (Protocol for Carrying Authentication for Network Access (PANA)

> Relay Element) to Proposed Standard

>

> We have received the following question from IANA.

>

> Since the 'R' (Request) bit is not set for PANA-Relay, I think it

> should be filled with "Ans" (not "Req").

>

> BTW, I've found that PCI, for which the 'R' (Request) bit is not set,

> is filled with "Req" in the IANA registry. I think this should have

> been filled with "Ans" as well.

>

> Any opinions?

>

> Yoshihiro Ohba

>

> -------- Original Message --------

> Subject: [IANA #454490] Last Call: <draft-ohba-pana-relay-03.txt>

> (Protocol for Carrying Authentication for Network Access (PANA) Relay

> Element) to Proposed Standard

> Date: Wed, 08 Jun 2011 20:37:04 +0000

> From: Amanda Baber via RT <drafts-lastcall <at> iana.org>

> Reply-To: drafts-lastcall <at> iana.org

> CC: paduffy <at> cisco.com, samitac2 <at> gmail.com,

> robert.cragie <at> gridmerge.com, yoshihiro.ohba <at> toshiba.co.jp,

> alper.yegin <at> yegin.org, iesg <at> ietf.org

>

> IESG:

>

> IANA has reviewed draft-ohba-pana-relay-03.txt and has the following

> comments:

>

> IANA has questions about the IANA Actions in this document.

>

> IANA understands that, upon approval of this document, there are two

> IANA Actions that must be completed.

>

> First, in the Message Types registry in the Protocol for Carrying

> Authentication for Network Access (PANA) Parameters registry located

> at:

>

> http://www.iana.org/assignments/pana-parameters/pana-parameters.xml

>

> a single, new message type will be added as follows:

>

> Value [ TBD ]

> Name: PANA-Relay

>

> IANA QUESTION --> How should the following field in the registry be

> filled in?

> Req/Ans: [ ??? ]

>

> Abbrev: PRY

> Reference: [ RFC-to-be ]

>

> IANA notes that the authors request the value "5" for the Value of this

> Message Type.

>

> Second, in the AVP Codes registry in the the Protocol for Carrying

> Authentication for Network Access (PANA) Parameters registry located

> at:

>

> http://www.iana.org/assignments/pana-parameters/pana-parameters.xml

>

> two new AVP Codes will be added as follows:

>

> Code: [tbd2]

> Attribute name: PaC-Information AVP

> Reference: [ RFC-to-be ]

>

> Code: [tbd3]

> Attribute name: Relayed-Message AVP

> Reference: [ RFC-to-be ]

>

> IANA notes that the authors have requested codes "10" and "11" for

> [tbd2] and [tbd3] respectively.

>

> IANA understands that these two actions are the only ones required upon

> approval of this document.

>

> Note: The actions requested in this document will not be completed

> until the document has been approved for publication as an RFC. This

> message is only to confirm what actions will be performed.

>

> Thanks,

>

> Amanda Baber

> IANA

>

> On Wed May 25 13:37:06 2011, noreply <at> ietf.org wrote:

> >

> > The IESG has received a request from an individual submitter to

> consider

> > the following document:

> > - 'Protocol for Carrying Authentication for Network Access (PANA)

> Relay

> > Element'

> > <draft-ohba-pana-relay-03.txt> as a Proposed Standard

> >

> > The IESG plans to make a decision in the next few weeks, and solicits

> > final comments on this action. Please send substantive comments to

> the

> > ietf <at> ietf.org mailing lists by 2011-06-22. Exceptionally, comments

> may be

> > sent to iesg <at> ietf.org instead. In either case, please retain the

> > beginning of the Subject line to allow automated sorting.

> >

> > Abstract

> >

> >

> > This document specifies Protocol for carrying Authentication for

> > Network Access (PANA) Relay Element functionality which enables PANA

> > messaging between a PANA Client (PaC) and a PANA Authentication Agent

> > (PAA) where the two nodes cannot reach each other by means of regular

> > IP routing.

> >

> >

> >

> > The file can be obtained via

> > http://datatracker.ietf.org/doc/draft-ohba-pana-relay/

> >

> > IESG discussion can be tracked via

> > http://datatracker.ietf.org/doc/draft-ohba-pana-relay/

> >

> >

> > No IPR declarations have been submitted directly on this I-D.

> >

> >

>

>

>

>

> _______________________________________________

> Pana mailing list

> Pana <at> ietf.org

> https://www.ietf.org/mailman/listinfo/pana

_______________________________________________
Pana mailing list
Pana <at> ietf.org
https://www.ietf.org/mailman/listinfo/pana

_______________________________________________
Pana mailing list
Pana <at> ietf.org
https://www.ietf.org/mailman/listinfo/pana

headers

Yoshihiro Ohba | 23 Jun 2011 17:20

Re: Fwd: [IANA #454490] Last Call: <draft-ohba-pana-relay-03.txt> (Protocol for Carrying Authentication for Network Access (PANA) Relay Element) to Proposed Standard

I agree with Ralph's suggestion to rename "Req/Ans" to "R Message
Flag".   In that case, the value in the column shall be either '1' or
'0' (and no 'N/A').

Regards,
Yoshihiro Ohba

(2011/06/24 0:09), Ralph Droms wrote:
> 
> 
> On Fri, Jun 10, 2011 at 3:58 AM, Alper Yegin <alper.yegin <at> yegin.org 
> <mailto:alper.yegin <at> yegin.org>> wrote:
> 
>     __ __
> 
>     __ __
> 
>     I didn't understand why IANA assignment cares about the Req/Ans
>     bit. Is it really needed for IANA assignments?
> 
> 
> The Req/Ans column is needed to differentiate some of the messages, 
> e.g., PAR and PAN, which have different abbreviations but share the 
> same message code.
> 
>     ____
> 
>     __ __
> 
>     If we need to use it, one option is to put “not applicable for PCI
>     and PRY”.
> 
> 
> Reading RFC 5191 and the registry, I suggest that the Message Types 
> registry needs to be clarified a little, so that the column currently 
> labeled Req/Ans is tied directly to the 'R' Message Flag in the 
> Message Flags registry.  Giving the exact value for the 'R' flag in 
> that column seems more direct.  Perhaps rename "Req/Ans" to "R Message 
> Flag", with values in the column of '1', '0' or 'N/A' (the latter for 
> PCI and PRE messages; although PCI is a little tricky as its ABNF is 
> defined without "REQ" and I don't know if that ABNF implies the R 
> Message Flag MUST be 0 or if it's a "don't care").
> 
> - Ralph
> 
> 
> 
>     ____
> 
>     __ __
> 
>     And if that’s not acceptable/practical, then I’d say marking both
>     PCI and PRY with Req is OK. We could perceive them as requests
>     that do not expect answers. They are one-way messages. This is
>     more logical to me than to define an answer for which there is no
>     outstanding request.____
> 
>     __ __
> 
>     Alper____
> 
>     __ __
> 
>     __ __
> 
>     __ __
> 
>     __ __
> 
>     __ __
> 
>     __ __
> 
>     __ __
> 
>     __ __
> 
>     __ __
> 
>     __ __
> 
>      > -----Original Message-----
> 
>      > From: pana-bounces <at> ietf.org <mailto:pana-bounces <at> ietf.org>
>     [mailto:pana-bounces <at> ietf.org <mailto:pana-bounces <at> ietf.org>] On
>     Behalf Of
> 
>      > Yoshihiro Ohba
> 
>      > Sent: Thursday, June 09, 2011 6:47 AM
> 
>      > To: pana <at> ietf.org <mailto:pana <at> ietf.org>
> 
>      > Subject: [Pana] Fwd: [IANA #454490] Last Call:
>     <draft-ohba-pana-relay-
> 
>      > 03.txt> (Protocol for Carrying Authentication for Network
>     Access (PANA)
> 
>      > Relay Element) to Proposed Standard
> 
>      >
> 
>      > We have received the following question from IANA.
> 
>      >
> 
>      > Since the 'R' (Request) bit is not set for PANA-Relay, I think it
> 
>      > should be filled with "Ans" (not "Req").
> 
>      >
> 
>      > BTW, I've found that PCI, for which the 'R' (Request) bit is
>     not set,
> 
>      > is filled with "Req" in the IANA registry.  I think this should
>     have
> 
>      > been filled with "Ans" as well.
> 
>      >
> 
>      > Any opinions?
> 
>      >
> 
>      > Yoshihiro Ohba
> 
>      >
> 
>      > -------- Original Message --------
> 
>      > Subject: [IANA #454490] Last Call: <draft-ohba-pana-relay-03.txt>
> 
>      > (Protocol for Carrying Authentication for Network Access (PANA)
>     Relay
> 
>      > Element) to Proposed Standard
> 
>      > Date: Wed, 08 Jun 2011 20:37:04 +0000
> 
>      > From: Amanda Baber via RT <drafts-lastcall <at> iana.org
>     <mailto:drafts-lastcall <at> iana.org>>
> 
>      > Reply-To: drafts-lastcall <at> iana.org
>     <mailto:drafts-lastcall <at> iana.org>
> 
>      > CC: paduffy <at> cisco.com <mailto:paduffy <at> cisco.com>,
>     samitac2 <at> gmail.com <mailto:samitac2 <at> gmail.com>,
> 
>      > robert.cragie <at> gridmerge.com
>     <mailto:robert.cragie <at> gridmerge.com>, yoshihiro.ohba <at> toshiba.co.jp
>     <mailto:yoshihiro.ohba <at> toshiba.co.jp>,
> 
>      > alper.yegin <at> yegin.org <mailto:alper.yegin <at> yegin.org>,
>     iesg <at> ietf.org <mailto:iesg <at> ietf.org>
> 
>      >
> 
>      > IESG:
> 
>      >
> 
>      > IANA has reviewed draft-ohba-pana-relay-03.txt and has the
>     following
> 
>      > comments:
> 
>      >
> 
>      > IANA has questions about the IANA Actions in this document.
> 
>      >
> 
>      > IANA understands that, upon approval of this document, there
>     are two
> 
>      > IANA Actions that must be completed.
> 
>      >
> 
>      > First, in the Message Types registry in the Protocol for Carrying
> 
>      > Authentication for Network Access (PANA) Parameters registry
>     located
> 
>      > at:
> 
>      >
> 
>      > http://www.iana.org/assignments/pana-parameters/pana-parameters.xml
> 
>      >
> 
>      > a single, new message type will be added as follows:
> 
>      >
> 
>      > Value [ TBD ]
> 
>      > Name: PANA-Relay
> 
>      >
> 
>      > IANA QUESTION --> How should the following field in the registry be
> 
>      > filled in?
> 
>      > Req/Ans: [ ??? ]
> 
>      >
> 
>      > Abbrev: PRY
> 
>      > Reference: [ RFC-to-be ]
> 
>      >
> 
>      > IANA notes that the authors request the value "5" for the Value
>     of this
> 
>      > Message Type.
> 
>      >
> 
>      > Second, in the AVP Codes registry in the the Protocol for Carrying
> 
>      > Authentication for Network Access (PANA) Parameters registry
>     located
> 
>      > at:
> 
>      >
> 
>      > http://www.iana.org/assignments/pana-parameters/pana-parameters.xml
> 
>      >
> 
>      > two new AVP Codes will be added as follows:
> 
>      >
> 
>      > Code: [tbd2]
> 
>      > Attribute name: PaC-Information AVP
> 
>      > Reference: [ RFC-to-be ]
> 
>      >
> 
>      > Code: [tbd3]
> 
>      > Attribute name: Relayed-Message AVP
> 
>      > Reference: [ RFC-to-be ]
> 
>      >
> 
>      > IANA notes that the authors have requested codes "10" and "11" for
> 
>      > [tbd2] and [tbd3] respectively.
> 
>      >
> 
>      > IANA understands that these two actions are the only ones
>     required upon
> 
>      > approval of this document.
> 
>      >
> 
>      > Note:  The actions requested in this document will not be completed
> 
>      > until the document has been approved for publication as an RFC.
>     This
> 
>      > message is only to confirm what actions will be performed.
> 
>      >
> 
>      > Thanks,
> 
>      >
> 
>      > Amanda Baber
> 
>      > IANA
> 
>      >
> 
>      > On Wed May 25 13:37:06 2011, noreply <at> ietf.org
>     <mailto:noreply <at> ietf.org> wrote:
> 
>      > >
> 
>      > > The IESG has received a request from an individual submitter to
> 
>      > consider
> 
>      > > the following document:
> 
>      > > - 'Protocol for Carrying Authentication for Network Access (PANA)
> 
>      > Relay
> 
>      > >    Element'
> 
>      > > <draft-ohba-pana-relay-03.txt> as a Proposed Standard
> 
>      > >
> 
>      > > The IESG plans to make a decision in the next few weeks, and
>     solicits
> 
>      > > final comments on this action. Please send substantive
>     comments to
> 
>      > the
> 
>      > > ietf <at> ietf.org <mailto:ietf <at> ietf.org> mailing lists by
>     2011-06-22. Exceptionally, comments
> 
>      > may be
> 
>      > > sent to iesg <at> ietf.org <mailto:iesg <at> ietf.org> instead. In
>     either case, please retain the
> 
>      > > beginning of the Subject line to allow automated sorting.
> 
>      > >
> 
>      > > Abstract
> 
>      > >
> 
>      > >
> 
>      > > This document specifies Protocol for carrying Authentication for
> 
>      > > Network Access (PANA) Relay Element functionality which
>     enables PANA
> 
>      > > messaging between a PANA Client (PaC) and a PANA
>     Authentication Agent
> 
>      > > (PAA) where the two nodes cannot reach each other by means of
>     regular
> 
>      > > IP routing.
> 
>      > >
> 
>      > >
> 
>      > >
> 
>      > > The file can be obtained via
> 
>      > > http://datatracker.ietf.org/doc/draft-ohba-pana-relay/
> 
>      > >
> 
>      > > IESG discussion can be tracked via
> 
>      > > http://datatracker.ietf.org/doc/draft-ohba-pana-relay/
> 
>      > >
> 
>      > >
> 
>      > > No IPR declarations have been submitted directly on this I-D.
> 
>      > >
> 
>      > >
> 
>      >
> 
>      >
> 
>      >
> 
>      >
> 
>      > _______________________________________________
> 
>      > Pana mailing list
> 
>      > Pana <at> ietf.org <mailto:Pana <at> ietf.org>
> 
>      > https://www.ietf.org/mailman/listinfo/pana
> 
> 
>     _______________________________________________
>     Pana mailing list
>     Pana <at> ietf.org <mailto:Pana <at> ietf.org>
>     https://www.ietf.org/mailman/listinfo/pana
> 
>

headers

Jari Arkko | 23 Jun 2011 19:40

IESG discussions on draft-ohba-pana-relay

We discussed this draft today. The remaining Discuss was about how 
mandatory we should make IPsec. You had discussed about a SHOULD with 
Stephen. I suggested that while interoperability is useful and 
mandatory-to-implement mechanisms are good for it, we also have to talk 
about how much value we bring with a security mechanism. In this case 
there are some issues like MITMs able to block PANA packets. However, 
some of these vulnerabilities are not helped by relay - PAA security, as 
the relay can still do bad things, and because ARP/ND vulnerabilities 
between the client and relay in any case make it possible to become a 
MITM. Stephen had some suggested text that I agree with:

"PRE/PAA security is OPTIONAL since PANA messages are designed to be 
used in untrusted networks, but if cryptographic mechanism is supported, 
it SHOULD be IPsec."

Jari

headers

Yoshihiro Ohba | 24 Jun 2011 00:44

Re: IESG discussions on draft-ohba-pana-relay

+1.

Yoshihiro Ohba

(2011/06/24 3:11), Robert Cragie wrote:
> I have no objection to either the text below or what was agreed with 
> Stephen earlier. On balance, I think the text below is preferable.
> 
> Robert
> 
> On 23/06/2011 6:47 PM, Samita Chakrabarti wrote:
>> As a co-author of the document, I am fine with the suggested text 
>> below.
>>
>> -Samita
>>
>> -----Original Message-----
>> From: Jari Arkko [mailto:jari.arkko <at> piuha.net]
>> Sent: Thursday, June 23, 2011 10:41 AM
>> To: Yoshihiro Ohba; pana <at> ietf.org
>> Cc: Stephen Farrell; draft-ohba-pana-relay <at> tools.ietf.org
>> Subject: IESG discussions on draft-ohba-pana-relay
>>
>> We discussed this draft today. The remaining Discuss was about how 
>> mandatory we should make IPsec. You had discussed about a SHOULD 
>> with Stephen. I suggested that while interoperability is useful and 
>> mandatory-to-implement mechanisms are good for it, we also have to 
>> talk about how much value we bring with a security mechanism. In 
>> this case there are some issues like MITMs able to block PANA 
>> packets. However, some of these vulnerabilities are not helped by 
>> relay - PAA security, as the relay can still do bad things, and 
>> because ARP/ND vulnerabilities between the client and relay in any 
>> case make it possible to become a MITM. Stephen had some suggested 
>> text that I agree with:
>>
>> "PRE/PAA security is OPTIONAL since PANA messages are designed to be 
>> used in untrusted networks, but if cryptographic mechanism is 
>> supported, it SHOULD be IPsec."
>>
>> Jari
>>
>>
>

headers

Yoshihiro Ohba | 24 Jun 2011 02:12

Re: Fwd: [IANA #454490] Last Call: <draft-ohba-pana-relay-03.txt> (Protocol for Carrying Authentication for Network Access (PANA) Relay Element) to Proposed Standard

This table looks good to me.

Thanks,
Yoshihiro Ohba

(2011/06/24 3:13), Robert Cragie wrote:
> Too hasty with the cut and paste (too many PTR/PTA). Revised table:
> 
> Value        | R flag | Abbrev | Name                      | Reference |
> ------------------------------------------------------------------------
>   0           |        |        | Reserved                  | [RFC5191] |
>   1           | 0      | PCI    | PANA-Client-Initiation    | [RFC5191] |
>   2           | 1      | PAR    | PANA-Auth-Request         | [RFC5191] |
>   2           | 0      | PAN    | PANA-Auth-Answer          | [RFC5191] |
>   3           | 1      | PTR    | PANA-Termination-Request  | [RFC5191] |
>   3           | 0      | PTA    | PANA-Termination-Answer   | [RFC5191] |
>   4           | 1      | PNR    | PANA-Notification-Request | [RFC5191] |
>   4           | 0      | PNA    | PANA-Notification-Answer  | [RFC5191] |
>   5           | 0      | PRY    | PANA-Relay                | [RFCxxxx] |
>   6-65519     |        |        | Unassigned                | [RFC5191] |
>   65520-65535 |        |        | Reserved (Experimental)   | [RFC5191] |
> 
> On 23/06/2011 6:59 PM, Robert Cragie wrote:
>> As a follow up: as I read it in RFC 5191, the ABNF for PCI 
>> explicitly sets the R flag to 0. In some respects, given the 
>> definition of the R flag, this implies PCI is an answer, which is 
>> not really true. I don't know how important that is; it is used 
>> primarily for subclassifying a Message Type.
>>
>> On that basis, I think the table needs to look something like:
>>
>> Value        | R flag | Abbrev | Name                      | Reference |
>> ------------------------------------------------------------------------
>>  0           |        |        | Reserved                  | [RFC5191] |
>>  1           | 0      | PCI    | PANA-Client-Initiation    | [RFC5191] |
>>  2           | 1      | PAR    | PANA-Auth-Request         | [RFC5191] |
>>  2           | 0      | PAN    | PANA-Auth-Answer          | [RFC5191] |
>>  3           | 1      | PTR    | PANA-Termination-Request  | [RFC5191] |
>>  3           | 0      | PTA    | PANA-Termination-Answer   | [RFC5191] |
>>  4           | 1      | PTR    | PANA-Notification-Request | [RFC5191] |
>>  4           | 0      | PTA    | PANA-Notification-Answer  | [RFC5191] |
>>  5           | 0      | PRY    | PANA-Relay                | [RFCxxxx] |
>>  6-65519     |        |        | Unassigned                | [RFC5191] |
>>  65520-65535 |        |        | Reserved (Experimental)   | [RFC5191] |
>>
>>
>> Robert
>>
>> On 23/06/2011 6:26 PM, Robert Cragie wrote:
>>> Ralph,
>>>
>>> I like your suggestion for the Message Types registry. I guess 
>>> there is an assumption if the field is not declared in the ABNF it 
>>> becomes the same as reserved and thus follows the "set to zero and 
>>> ignored on receipt" rule. Does this need to be explicitly stated 
>>> anywhere?
>>>
>>> Robert
>>>
>>

2	January 2013
1	November 2012
1	May 2012
2	April 2012
2	March 2012
10	February 2012
4	December 2011
6	October 2011
3	September 2011
16	June 2011
9	May 2011
4	February 2011
4	January 2011
10	December 2010
23	November 2010
2	August 2010
8	March 2010
4	February 2010
4	January 2010
7	December 2009
8	November 2009
11	October 2009
1	August 2009
4	July 2009
30	June 2009
27	April 2009
5	March 2009
10	February 2009
38	January 2009
7	December 2008
4	November 2008
7	October 2008
2	September 2008
1	August 2008
1	July 2008
3	May 2008
2	April 2008
8	March 2008
7	February 2008
3	January 2008
40	December 2007
8	November 2007
4	October 2007
12	September 2007
6	August 2007
16	July 2007
36	June 2007
12	May 2007
72	April 2007
51	March 2007
29	February 2007
22	December 2006
17	November 2006
148	October 2006
34	September 2006
19	August 2006
8	July 2006
44	June 2006

Mon	Tue	Wed	Thu	Fri	Sat	Sun

		1	2	3	4	5
6	7	8	9	10	11	12
13	14	15	16	17	18	19
20	21	22	23	24	25	26
27	28	29	30