RE: The Emperor Has No Clothes: Is PANA actually useful?

Hi Sam,

I wish you had approached the PANA WG first to get clarification on your
concerns and questions. And I wish the responsible AD had said "go to PANA
WG" rather than "don't go there" when you consulted him.

Even after the PANA WG was chartered, we went through your suggested
exercise twice with our AD (Thomas Narten), and got the problem statement
approved in RFC 4058.  No conditions have changed since then, so I am not
sure why we need to go through this exercise again at this stage (the
protocol documents passed AD review and getting readied for IESG review). 

I am sure if you ask a broad question like who is confused about a given
protocol, you'd always have many positive answers -- for various reasons.
Not sure if this is helpful. Having basic knowledge about network access
authentication and EAP is a prerequisite for anyone to understand what PANA
really does.

And for the question of where it would be used... One answer is already in
the IETF NEA BoF. It calls for EAPoverL3 transport. And the other answer is
in the DSL networks. If you have access to DSL Forum documents, I recommend
you look at dsl2006.174.02. The document lists requirements for network
access authentication protocol. PANA is a documented candidate and in fact
it is the only one that satisfies all of the requirements. 

I hope these answer your concerns.

Alper






> -----Original Message-----
> From: Sam Hartman [mailto:hartmans-ietf@xxxxxxx]
> Sent: Wednesday, May 24, 2006 8:12 AM
> To: ietf@xxxxxxxx
> Cc: pana-chairs@xxxxxxxxxxxxxx
> Subject: The Emperor Has No Clothes: Is PANA actually useful?
> 
> 
> 
> Hi.  Speaking as an individual, I'd like to make an explicit call for
> members of the IETF community not involved in the PANA working group
> to review draft-ietf-pana-framework.  Please speak up if you have done
> such a review or attempted such a review and been unsuccessful.  Let
> us know what you think PANA is intended to be useful for and whether
> you think it is actually useful.
> 
> My strong hunch is that we've chartered work for some reason, and now
> that the working group is nearing the end of its charter, we still
> don't understand why we want this thing we've built and whether it's a
> good idea.  People aren't screaming not so much because they are happy
> with results but because no one actually understands PANA.
> 
> I understand that there's a strong presumption that once chartered,
> work is useful.  I'd like to challenge this presumption enough to get
> people to actually read the document.  If people not involved in the
> effort sit down, read the document and understand what it's all about,
> my concern is satisfied.  But if enough people try to read the
> document, try to understand and fail, we're not done yet.  We
> certainly cannot have consensus to publish something we've tried and
> failed to understand.
> 
> It's not just me.  I've been trying to find people outside of PANA who
> claim to understand the effort and what it's good for and why
> link-layer solutions are not better.  When the first discussion of
> PANA hit the IESG, I asked other IESG members why PANA was a good idea
> and what problem it solved.  "Don't go there," was the advice I got
> from the responsible AD.
> 
> At that time (a year and a half ago) there was no one on the IESG who
> claimed to understand PANA or to think it was a good idea.
> 
> I'm fairly sure that with the possible exception of Jari (who is a
> technical advisor to PANA), that's still true.
> 
> 
> The security community has been trying to understand PANA.  I've sent
> multiple security reviewers at the PANA documents. They always come
> back fundamentally confused about what PANA is trying to do or about
> whether it is a good idea.  They end up focusing on some detail or
> another and asking for some minor part of the system to be fixed.  But
> I don't get the impression from the reviews they understand the
> overall picture; explicit discussion of this also indicates that they
> are not confident in their understanding nor do they know whether it
> is a good idea.
> 
> We keep running back over the same ground, still confused and still
> trying to muddle through to no real effect.
> 
> 
> I've tried to understand it myself.  I tried to understand in the BOF.
> It was very clear to me leaving the original PANA BOF that something
> was very confused.  Every year or so since I've tried to go back and
> figure out what I missed.  Eventually though I've started wondering
> whether the problem wasn't me, but was an actual lack of clarity.
> 
> So, folks can you please help us all out.  Especially if the internet
> area is not your primary focus, especially if you've never heard of
> PANA before, take a look at the framework document and all their other
> documents.  Do you get it?  Is it a good idea?
> 
> Thanks for your time.
> 
> P.S.  Again, this is me speaking as an individual.  At this late
> stage, it would be entirely inappropriate for me to take actions as an
> AD claiming that we didn't understand a problem without a strong
> community consensus.
> 
> 




_______________________________________________

Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf
