[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [HOKEY] WGLC: draft-ietf-hokey-preauth-ps-02

To: Preetida.Vinayakray-Jani at nokia.com
Subject: Re: [HOKEY] WGLC: draft-ietf-hokey-preauth-ps-02
From: Ashutosh Dutta <adutta at research.telcordia.com>
Date: Sat, 29 Mar 2008 07:26:23 -0400
Cc: hokey at ietf.org
Delivered-to: ietfarch-hokey-web-archive at core3.amsl.com
Delivered-to: hokey at core3.amsl.com
In-reply-to: <83CD3A5F85DE7D43B6A5CC37CCBAEECE053CB6FF at esebe104.NOE.Nokia.com>
List-archive: <http://www.ietf.org/pipermail/hokey>
List-help: <mailto:hokey-request@ietf.org?subject=help>
List-id: HOKEY WG Mailing List <hokey.ietf.org>
List-post: <mailto:hokey@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/hokey>, <mailto:hokey-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/hokey>, <mailto:hokey-request@ietf.org?subject=unsubscribe>
References: <47E5A685.4010706 at cs.umd.edu> <83CD3A5F85DE7D43B6A5CC37CCBAEECE053CB6FF at esebe104.NOE.Nokia.com>
Sender: hokey-bounces at ietf.org
User-agent: Thunderbird 1.5.0.14 (Windows/20071210)

Hi Preeti,
           Thanks for your review and useful feedback. Please see my 
comments inline marked as AD. If you have any more comments please let 
us know.

Preetida.Vinayakray-Jani at nokia.com wrote:
> Hi:
> 
> Pl. find following in ref. to subjected draft.
> 
> Draft:
> Section 3: Problem Statement
> 
> => Understanding that this is problem statement draft, this section
> requires to deliver the subjected goal. Although problem statement
> discussion covers e.g. performance issues very specific to 802.11 only,
> inter-access handover, inter-authetnicator, intra-domain/subnet...etc. 
> 1. A consistent usage of single term like inter-domain or inter-subnet
> may provide more clear view of prob. statement

AD. Inter-domain (Inter-administrative domain) handover usually involves 
inter-subnet handover. We can probably make it clear in the draft.

> 2. Also text reelvant to perfomance issue like handover latency can be
> extended more in terms of subjected scope as provided details are more
> focused on intra-technology handover. i.e how handover latency in terms
> security context feasible in terms of inter-domain or inter-subnet?

AD. Reference MQ7 (e.g., Mobiquitous paper by Rafa et al.) discusses the 
details of authentication related latency involved during inter-domain 
handover.

> 3. Categorizing the problem statement with different scenario can
> provide direct mapping with usage sceanrios - section 4.
> 
> Draft:
> Section 4...4.1 ..4.2
> 
> => 1. It seems the 4.1 scenario simply involves the normal
> authentication procedure? In my view there is no pre-authetnication
> scenario here, isn't it? If there are some security context transferred
> by MN prior to its association with CA then it is of no use, as CA may
> not accept such security context without consulting Home AAA. Then in
> such case simple authentication procedure will be followed. Or am I
> missing something?

AD. Section 4.1 does involve pre-authentication, but it does not take 
the help of the serving authenticator (SA) and directly talks to the 
candidate authenticator (CA), since MN has the knowledge of CA. However 
the mobile does it before it hands over to the new network.

> 
> 2. In indirect pre-autnetication, it is asusmed that there will be
> pre-exisitng trust between SA and CA. To me this scenario is analogus to
> fast handover in MIP, with proxy-solicitation msg. However keeping MIP
> aside, even if MN receives IP level details of CA through SA, the
> performed pre-authentication can be partial as MN still needs to
> associate CA first before using IP level security. Any comments?   

AD. The draft does not make any assumption regarding pre-established  SA 
between SA and CA, as SA (Serving Authenticator) acts like a proxy and 
forwards the packets to CA (Candidate Authenticator). MN does not 
directly communicate with CA, but SA does communicate with CA in case of 
indirect pre-authentication. So the role of CA and SA are little 
different than PAR and NAR that you have mentioned for FMIPv6.

I do not understand quite well about the partial pre-authentication of 
MN. Could you please clarify it little more?

> Draft:
> Section 5... 5.1.....5.2
> 
> =>Authenticator discovery protocols will different from any secure DNA?
> If MN is directly involved with pre-authentication then it may be, if
> not then SA may act as proxy node for such discovery protcol? Any views?

AD. In case of direct authentication, candidate authenticator (CA) 
discovery can be done at a more granular level using discovery mechanism 
such as IEEE 802.21 IS (Information Service).

> In context binding, 2nd para - First apporach (1st four lines) are
> relevant to indirect binding isn't it? 

AD. It could be applied to both types of authentication.

> Thanks
> Preeti

Regards
Ashutosh
>  
> _______________________________________________
> HOKEY mailing list
> HOKEY at ietf.org
> https://www.ietf.org/mailman/listinfo/hokey
_______________________________________________
HOKEY mailing list
HOKEY at ietf.org
https://www.ietf.org/mailman/listinfo/hokey

Follow-Ups:
- Re: [HOKEY] WGLC: draft-ietf-hokey-preauth-ps-02
  - From: Preetida.Vinayakray-Jani

References:
- [HOKEY] WGLC: draft-ietf-hokey-preauth-ps-02
  - From: Charles Clancy
- Re: [HOKEY] WGLC: draft-ietf-hokey-preauth-ps-02
  - From: Preetida.Vinayakray-Jani

Prev by Date: [HOKEY] I-D Action:draft-ietf-hokey-erx-14.txt
Next by Date: Re: [HOKEY] EMSK Issue
Previous by thread: Re: [HOKEY] WGLC: draft-ietf-hokey-preauth-ps-02
Next by thread: Re: [HOKEY] WGLC: draft-ietf-hokey-preauth-ps-02
Index(es):
- Date
- Thread