The IESG has approved the following document: - 'Port Control Protocol (PCP) Authentication Mechanism' (draft-ietf-pcp-authentication-13.txt) as Proposed Standard This document is the product of the Port Control Protocol Working Group. The IESG contact persons are Brian Haberman and Terry Manderson. A URL of this Internet Draft is: https://datatracker.ietf.org/doc/draft-ietf-pcp-authentication/ Technical Summary: An IPv4 or IPv6 host can use the Port Control Protocol (PCP) to flexibly manage the IP address and port mapping information on Network Address Translators (NATs) or firewalls, to facilitate communication with remote hosts. However, the un-controlled generation or deletion of IP address mappings on such network devices may cause security risks and should be avoided. In some cases the client may need to prove that it is authorized to modify, create or delete PCP mappings. This document describes an in-band authentication mechanism for PCP that can be used in those cases. The Extensible Authentication Protocol (EAP) is used to perform authentication between PCP devices. Working Group Summary: Was there anything in WG process that is worth noting? For example, was there controversy about particular points or were there decisions where the consensus was particularly rough? There is strong consensus to use an EAP-based mechanism for security. There was, however, significant controversy about whether to use PANA. A consensus call was done on the list, and (rough) consensus was called by by the chairs in close cooperation with the responsible AD, following the advice outlined in what is now RFC 7282. The chairs reported the results at IETF 87, with slides at http://www.ietf.org/proceedings/87/slides/slides-87-pcp-11.pdf where rough consensus was declared for not using PANA. Document Quality: Are there existing implementations of the protocol? Have a significant number of vendors indicated their plan to implement the specification? Are there any reviewers that merit special mention as having done a thorough review, e.g., one that resulted in important changes or a conclusion that the document had no substantive issues? There is at least one implementation of this protocol, and eventually more are expected. Many individuals have reviewed various versions of this document over a long period of time. Personnel: Who is the Document Shepherd? Dave Thaler <dthaler@microsoft.com> Who is the Responsible Area Director? Brian Haberman <brian@innovationslab.net>
