
Re: [HOKEY] Comments on draft-ietf-hokey-preauth-ps-02



Glen,

Thank you for the review.

On Thu, Apr 17, 2008 at 02:26:46AM -0700, Glen Zorn wrote:
> Editorial:
> Section 1 should be Section 8, just before "Acknowledgements"
> 
> Lots of grammatical errors.

Charles has the same editorial comments and we will address them 
in the next revision.

> 
> 
> Technical:
> A better exposition upon the trust relationships involved is required, I
> think.  For example, it's not clear to me how indirect pre-auth could
> work w/o a pre-existing trust relationship between the SA & CA.

Yes, some trust relationship will be required between serving network
and target network for indirect pre-authentication.  We will add text
on the trust relationships.

> 
> Just a couple of general questions about feasibility: Do we actually
> expect service providers to provision (let alone advertise) globally
> routable IP addresses in all their NASs?  Similarly, is it actually
> reasonable to expect all of one service provider's NASs to share trust
> relationships with all of another SP's NASs?
> 

For the first point, a globally routable IP address may not be needed
for target authenticators in the case of indirect pre-authentication
and intra-domain direct pre-authentication.  We will revise Section
5.1 accordingly.

For the second point, I think that a trust relationship among individual
authenticators may not be needed.  A trust relationship among
neighboring domains may be sufficient.  A TA can perform a reverse DNS
lookup to check if the SA has a domain name of a trusted domain.

Best Regards,
Yoshihiro Ohba
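
The reverse DNS check mentioned in the last paragraph, sketched as an added example that is not part of the original message or of the draft. It assumes the TA holds a locally configured list of trusted domains, and it adds forward confirmation of the PTR name as an assumption, since PTR records are set by whoever controls the address block; all function names, domains and records are constructed.

```python
import socket

TRUSTED_DOMAINS = {"serving.example"}  # constructed; assumed to be configured on the TA


def system_ptr(ip):
    """PTR lookup through the system resolver."""
    return socket.gethostbyaddr(ip)[0]


def system_forward(name):
    """A/AAAA lookup through the system resolver."""
    return {info[4][0] for info in socket.getaddrinfo(name, None)}


def in_trusted_domain(name, trusted=TRUSTED_DOMAINS):
    """Match on DNS label boundaries so 'evilserving.example' is rejected."""
    name = name.rstrip(".").lower()
    return any(name == d or name.endswith("." + d) for d in trusted)


def sa_is_trusted(sa_ip, ptr=system_ptr, forward=system_forward,
                  trusted=TRUSTED_DOMAINS):
    """True only if the SA address reverse-resolves into a trusted domain
    and that name forward-resolves back to the same address."""
    try:
        name = ptr(sa_ip)
    except (OSError, KeyError):
        return False  # no PTR record: fail closed
    if not in_trusted_domain(name, trusted):
        return False
    try:
        return sa_ip in forward(name)
    except (OSError, KeyError):
        return False  # name does not resolve: fail closed


# Constructed records (documentation address ranges) so the example runs offline.
PTR = {"192.0.2.10": "nas1.serving.example.",
       "198.51.100.7": "nas1.serving.example.",   # PTR claims a trusted name
       "203.0.113.5": "nas.evilserving.example."}
FWD = {"nas1.serving.example": {"192.0.2.10"}}

def demo_ptr(ip): return PTR[ip]
def demo_forward(name): return FWD[name.rstrip(".").lower()]

if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.7", "203.0.113.5", "192.0.2.99"):
        print(ip, sa_is_trusted(ip, demo_ptr, demo_forward))
```
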
