Slides: 12
Provided by: Tosh306
1
PANA Requirements and Terminology
  • IETF 54

2
  • draft-ietf-pana-requirements-02.txt
  • Changes
  • Comments/questions

3
Authentication Protocol
  • Not invent a new authentication protocol
  • Current thinking: EAP is sufficient
  • If extensions to EAP are needed:
  • PANA WG will define requirements, not solutions

4
EAP Issues
  • Device Identifier (DI) needs to be integrity protected
    in the PANA request sent by the PaC
  • EAP doesn't do that, but do we really need this?
  • If per-packet auth/encryption is not used,
    spoofing can happen at any time
  • If per-packet auth/encryption is used, checking
    the DI is redundant

5
PAA and EP
  • PAA needs to communicate filters, etc. to EP
  • PAA and EP are co-located
  • Anything else is outside the scope of PANA

6
PAA Location
  • On the same IP link as PaC
  • Generally on the first-hop router
  • Discovery mechanism needed

7
IP Address Configuration
  • PaC can use PANA only after it has a usable IP
    address (via DHCP, address autoconfig, etc.)
  • If the PaC needs to configure a new IP address
    after PANA, a co-located PAA/router/DHCP server
    will be helpful

8
Simplifying Assumptions
  • [Diagram; labels: Internet, PAA/EP/First hop router (/DHCP), PaC, PANA]

9
Separation
  • [Diagram; labels: First hop router (/DHCP), EP, Internet, PaC, PANA, PAA]

10
Heartbeat
  • Required for links that do not provide disconnect
    indication
  • Optional usage

11
Comments/Issues/Questions?