Victor%20Fajardo,%20Yoshihiro%20Ohba%20and

1
PANA State Machine Issue Resolution(draft-ietf-pa
na-statemachine-01.txt)

• Victor Fajardo, Yoshihiro Ohba and
• Rafael Marin Lopez

2

• Issue 01
• EAP_Restart() not required as an initialization
  action in PaC statemachine since all exit actions
  from the OFFLINE state performs EAP_Restart()
• Resolution EAP_Restart() is removed in
  initialization action of PaC statemachine
• Issue 02
• Nonce, PPAC, PCAP and ISP information AVP are
  missing in PSR/PSA exchange in PAC statemachine
• Resolution No action. The AVPs are excluded for
  simplicity since it does not affect the state
  during the PSR/PSA exchange
• Issue 03
• During separate authentication, if the 1st EAP
  authentication succeeded and 2nd EAP
  authentication fails but PAA policy decides that
  access should be granted, the PAC statemachine
  closes the session

3

• Issue 03 (Continued)
• Resolution The EAP_FAILURE event in
  WAIT_EAP_RESULT state of the PaC statemachine has
  been modified from

EAP_FAILURE if (key_available())
CLOSED
PBA.insert_avp("MAC")
TxPBA() To EAP_FAILURE if
(key_available())
OPEN (SEPARATESet)
PBA.insert_avp("MAC") ppac_available()
if (CARRY_DEVICE_ID) (!PBR.exist_avp
PBA.insert_avp ("Protection-
("Device-Id") Capability")
PBA.insert_avp("PPAC") (PBR.exist_avp
TxPBA() ("Protection- Authorize()
Capability") SessionTimerStart()
pcap_supported()))
4

• Issue 04
• The PANA_PROTECTION_CAPABILITY_UNSUPPORTED error
  code is not supported in PaC and PAA
  statemachine. draft-ietf-pana-pana-10.txt
  specifies when this error code is sent.
• Resolution Added pcap_supported() procedure in
  PaC statemachines WAIT_EAP_RESULT state for
  every state transition leading to an OPEN state.
  Also added the following handlers when
  pcap_supported() procedure fails
• EAP_SUCCESS if (key_available())
  WAIT_PEA
• !ppac_available() PER.insert_avp("MAC")
• PER.RESULT_CODE
• PANA_PPAC_CAPABILITY_UNSUPP
  ORTED
• TxPER()
• RtxTimerStart()
• EAP_FAILURE if (key_available())
  WAIT_PEA
• (SEPARATESet) PER.insert_avp("MAC")
• (PBR.exist_avp PER.RESULT_CODE
• ("Protection- PANA_PROTECTION_
• Capability") CAPABILITY_UNSUPPORTED
  
• !pcap_supported()) TxPER()
• RtxTimerStart()

5

• Issue 05
• In STATEFUL_DISC state of PAA statemachine,
  re-transmission timer is not stopped in RxPSA
  event
• Resolution RtxTimerStop() is added in the exit
  action of RxPSA state transition in
  STATEFUL_DISC state of PAA FSM
• Issue 06
• In WAIT_EAP_MSG_IN_DISC, the state transition
  action should perform ISP selection.
• Resolution The EAP_RESPONSE events exit action
  now calls choose_isp() procedure. If the
  procedure succeeds then the appropriate
  PSA.insert_avp("ISP") procedure is also called
• Issue 07
• If EAP retransmission is not handled in
  WAIT_PAN_OR_PAR state of the PAA statemachine, a
  dead-lock situation can occur if the PaC moves to
  WAIT_PAA state because of an EAP_RESP_TIMEOUT
  event and the PaC has just sent a PAN without an
  EAP-Payload

6

• Issue 07 (Continued)
• Resolution An EAP_REQUEST entry in
  WAIT_PAN_OR_PAR in the PAA statemachine has been
  added as follows

EAP_REQUEST if (key_available())
WAIT_PAN_OR_PAR
PAR.insert_avp("MAC") if
(SEPARATESet)
PAR.S_flag1 if
(NAP_AUTHSet)
PAR.N_flag1
TxPAR()
RtxTimerStart()