Protocol Action: 'Port Control Protocol (PCP) Authentication Mechanism' to Proposed Standard (draft-ietf-pcp-authentication-13.txt)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The IESG has approved the following document:
- 'Port Control Protocol (PCP) Authentication Mechanism'
  (draft-ietf-pcp-authentication-13.txt) as Proposed Standard

This document is the product of the Port Control Protocol Working Group.

The IESG contact persons are Brian Haberman and Terry Manderson.

A URL of this Internet Draft is:
https://datatracker.ietf.org/doc/draft-ietf-pcp-authentication/





Technical Summary:

   An IPv4 or IPv6 host can use the Port Control Protocol (PCP) to
   flexibly manage the IP address and port mapping information on
   Network Address Translators (NATs) or firewalls, to facilitate
   communication with remote hosts.  However, the un-controlled
   generation or deletion of IP address mappings on such network devices
   may cause security risks and should be avoided.  In some cases the
   client may need to prove that it is authorized to modify, create or
   delete PCP mappings.  This document describes an in-band
   authentication mechanism for PCP that can be used in those cases.
   The Extensible Authentication Protocol (EAP) is used to perform
   authentication between PCP devices.

Working Group Summary:

Was there anything in WG process that is worth noting? For example, was there 
controversy about particular points or were there decisions where the consensus
was particularly rough? 

   There is strong consensus to use an EAP-based mechanism for security.
   There was, however, significant controversy about whether to use PANA.
   A consensus call was done on the list, and (rough) consensus was called by
   by the chairs in close cooperation with the responsible AD, following the
   advice outlined in what is now RFC 7282.  The chairs reported the results
   at IETF 87, with slides at
   http://www.ietf.org/proceedings/87/slides/slides-87-pcp-11.pdf
   where rough consensus was declared for not using PANA.

Document Quality:

Are there existing implementations of the protocol? Have a significant number 
of vendors indicated their plan to implement the specification? Are there any 
reviewers that merit special mention as having done a thorough review, e.g., 
one that resulted in important changes or a conclusion that the document had 
no substantive issues?

    There is at least one implementation of this protocol, and eventually
    more are expected.  Many individuals have reviewed various versions
    of this document over a long period of time.

Personnel:

Who is the Document Shepherd? 

    Dave Thaler <dthaler@microsoft.com>

Who is the Responsible Area Director? 

    Brian Haberman <brian@innovationslab.net>




[Index of Archives]     [IETF]     [IETF Discussion]     [Linux Kernel]

  Powered by Linux