
Re: [HOKEY] I-D Action:draft-ietf-hokey-emsk-hierarchy-05.txt




On Thu, April 24, 2008 9:38 am, Glen Zorn wrote:
> Dan Harkins <mailto:dharkins at lounge.org> scribbled on Thursday, April
> 24, 2008 11:07 PM:
>
> ...
>
>>  Where is the issue list anyway? One would naively assume
>> that it would be the "issues" link off
>> http://tools.ietf.org/wg/hokey/ but there is nothing there.
>
> A while back ietf.org's list of working group charter pages got messed
> up & we lost the link from the site.  It's at
> http://www.ltsnet.net:8080/hokey/

  Excellent. Thanks.

>>  I understand comments can be rejected. Does one just infer
>> that a comment has been rejected because all of a sudden the
>> draft's status changes? Not knowing where the issue list
>> resides one could also infer that an issue was "lost". I
>> raised an issue in WGLC and heard nothing about resolution of
>> it and then all of a sudden I notice the draft is in IETF LC.
>
> I could have sworn that Charles had told you that there was, in his
> opinion (which I share, BTW), long-standing WG consensus on the
> structure of the key hierarchy.  Am I mistaken?

  He told me that when he, in his word reluctantly, created the issue.
And since both of you have decreed there is consensus then I guess
that settles it.

  But it is still quite hard to believe. Quite a few people thought the
DSRK was so you didn't have to do a full EAP exchange back to your home
AAA server when you visited a new "domain". To quote, just as one example,
Madjid: "The D in DSRK was marketed to mean administrative domain. It was
claimed to handle the roaming scenarios." Then the DSRK sort of morphed.
It was agreed that we would always do a full EAP exchange back to the home
AAA server when you visited a new "domain". Is this claimed consensus
on the bait or on the switch?

  So we got a DSRK but with no clear definition of what it was for so
then there was a huge discussion about what a "key management domain" was. Not
about the utility or need for a DSRK, just about what a "key management
domain" was. Is that the claimed consensus? On what a "key management
domain" is?

  What is a DSRK? It is a root key "that is restricted to use in a specific
key management domain." And what is a key management domain? "A key
management domain is specified by the scope of a given root key."
Wonderfully circular.

  And when one brings up the issue of getting rid of the DSRK there is
restatement of the key hierarchy, baseless appeals to the charter, and
the standing up and knocking down of straw men.

  Here's a snippet from an email from Alan DeKok on Feb 3rd:
<start of snippet>

Lakshminath Dondeti wrote:
> On 2/2/2008 6:22 PM, Dan Harkins wrote:
>>   It was my understanding that we had consensus around the idea that
>> each time a peer went to a new domain he would do a full authentication
>> back to the home AAA server.
>
> I had the opposite understanding.  After it was pointed out that the key
> hierarchy was not complex at all and the dispute was about 1 level vs. 2
> levels, the discussion died down.

  I agree with Dan.  I had commented on this issue, too, and I did not
see any counter-argument.  It has nothing to do with a key hierarchy, so
I'm not sure why you brought that up.

<end of snippet>

  Right. No counter-argument. In fact, no real discussion on what a DSRK
is for or why it's needed. But somehow we have consensus on it. Very
curious.

>> Was the issue rejected? Was it lost? Dunno. Am I supposed to
>> just wait for an announcement of publication from the RFC
>> editor to find out about #45? That doesn't sound right.
>
> As I mentioned in my last message, the person to talk to about this is
> the AD.
>
>>
>>  If the process is intentionally opaque then that would be
>> nice to know. Just tell me and I'll just go away and grumble to
>> myself.
>
> What would you consider to be a transparent outcome?

  Some way to find out the resolution of an issue. An issue is raised
during LC and the document advances. What happened to the issue? Was
it just ignored?

  I don't count straw man arguments or mere restatement that the key
hierarchy exists as demonstration of consensus in the WG or that the
issue I raised on the DSRK was rejected. The thread just died mostly
because it became somewhat pointless to raise the issue and get told about
the key hierarchy again. And then the draft is in IETF LC! So from my
viewpoint the issue was not resolved.

  If the chairmen believe an issue was officially rejected then how about
mentioning that on the list prior to shepherding the document into IETF
LC? And, while it is not strictly necessary, a smidge of justification for
the belief that consensus exists might be nice to mention too.

  I guess I would like ignoring a comment and rejecting a comment to be
discernible to the WG.

  regards,

  Dan.


