PANA vs. RADIUS/Diameter (RE: The Emperor Has No Clothes: Is PANA actually useful?)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

> Ever since PANA was first proposed, I did not understand why the IETF
> accepted it as a work item, because it seemed to me that it was
> duplicating existing capabilities (e.g., RADIUS, Diameter, etc.) and
> thereby needlessly increasing complexity system-wide.

Sigh.... This is why some people think it creates complexity?

PANA has nothing to do with duplicating RADIUS and Diameter. The relation
between PANA and RADIUS/Diameter is clearly documented across multiple
documents of this WG. For example, the framework document said:

      The PAA consults an authentication server in order to verify the
      credentials and rights of a PaC.  If the authentication server
      resides on the same node as the PAA, an API is sufficient for this
      interaction.  When they are separated (a much more common case in
      public access networks), a protocol needs to run between the two.
      AAA protocols like RADIUS [RFC2865] and Diameter [RFC3588] are
      commonly used for this purpose.

We even illustrated this in the same document:


                                                 RADIUS/
                                                 Diameter/
           +-----+       PANA        +-----+     LDAP/ API    +-----+
           | PaC |<----------------->| PAA |<---------------->| AS  |
           +-----+                   +-----+                  +-----+
              ^                         ^
              |                         |
              |         +-----+         |
         IKE/ +-------->| EP  |<--------+ SNMP/ API
      4-way handshake   +-----+



And we even put this in an FAQ! http://www.panasec.org/docs/PANA-FAQ.txt for
those that don't want to read the documents.

What else should we do? Record a reading of the documents and mail it to
everyone?

These are impossible to miss when someone reads the documents.

As in this, and several other examples in the latest threads, the answers
are there -- when people are looking for answers.

Alper









> 
> By this discussion, I surmise that you have greater insights than I.
> Hence this question to you:
> 
> "What 'bad thing' would happen should PANA not go forward?"
> 
> I suspect that this question has been answered many times. But could you
> please answer it using simple concepts for the benefit of those of us
> who aren't thinking deeply on a sleepy Friday evening? I am particularly
> interested in whether you believe end users require PANA and, if so,
> why? Thanks!
> 
> _______________________________________________
> Ietf mailing list
> Ietf@xxxxxxxx
> https://www1.ietf.org/mailman/listinfo/ietf



_______________________________________________

Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf
[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]