RE: The Emperor Has No Clothes: Is PANA actually useful?


 



Hello Sam,

Please find my inline specific replies.

> Hi.  Speaking as an individual, I'd like to make an explicit 
> call for members of the IETF community not involved in the 
> PANA working group to review draft-ietf-pana-framework.

Hmm, not involved in the PANA working group...
At least I am not actively contributing to the PANA group's I-Ds,
even though I had several chances to join the working group discussion,
offline or online.
However, I can still say that I am not actively involved in the PANA
WG.
Therefore, I think I can share my view and thoughts on this thread.
  
> Please speak up if you have done such a review or attempted 
> such a review and been unsuccessful.  Let us know what you 
> think PANA is intended to be useful for and whether you think 
> it is actually useful.

I also understand the concern about PANA because these days most
link layers provide their own link-specific authentication facilities.
In that situation, IP connectivity is not allowed before the
link-specific authentication procedure is completed.
So, I suppose that the arguments and criticisms about PANA are coming
from this point.
However, I'd say that this fact cannot throw out the advantage of
PANA, which delivers EAP over UDP, so that a link-independent
authentication procedure can happen.
Moreover, it can supplement an underlying network which lacks
an authentication facility.
If one would like to try to stress the other alternative,
oh, please do not go that way.
PANA WG/IETF have already spent more than one year.
I think it is more productive to enhance our existing efforts rather
than throwing this out and taking the other direction from the bottom
line.
I hope I am misunderstanding the current situation and the implication
in my mind is incorrect.

> My strong hunch is that we've chartered work for some reason, 
> and now that the working group is nearing the end of its 
> charter, we still don't understand why we want this thing 
> we've built and whether it's a good idea.  People aren't 
> screaming not so much because they are happy with results but 
> because no one actually understands PANA.

At least I understand what PANA is, what it aims for, and
what it complements.

> 
> I understand that there's a strong presumption that once 
> chartered, work is useful.  I'd like to challenge this 
> presumption enough to get people to actually read the 
> document.  If people not involved in the effort sit down, 
> read the document and understand what it's all about, my 
> concern is satisfied.  But if enough people try to read the 
> document, try to understand and fail, we're not done yet.  We 
> certainly cannot have consensus to publish something we've 
> tried and failed to understand.

Same as my previous response.

> It's not just me.  I've been trying to find people outside of 
> PANA who claim to understand the effort and what it's good 
> for and why link-layer solutions are not better.  When the 
> first discussion of PANA hit the IESG, I asked other IESG 
> members why PANA was a good idea and what problem it solved.  
> "Don't go there," was the advice I got from the responsible AD.

How about joining the PANA WG's discussion and having a chance to
share the concern?
Though I am not a freak in the PANA WG, I think there are many folks
who can relieve the concern.

> At that time (a year and a half ago) there was no one on the 
> IESG who claimed to understand PANA or to think it was a good idea.
> 
> I'm fairly sure that with the possible exception of Jari (who 
> is a technical advisor to PANA), that's still true.
> 
> 
> The security community has been trying to understand PANA.  
> I've sent multiple security reviewers at the PANA documents.
> They always come back fundamentally confused about what PANA 
> is trying to do or about whether it is a good idea.  They end 
> up focusing on some detail or another and asking for some 
> minor part of the system to be fixed.  But I don't get the 
> impression from the reviews they understand the overall 
> picture; explicit discussion of this also indicates that they 
> are not confident in their understanding nor do they know 
> whether it is a good idea.

IMHO, noted technical flaws in the framework and protocol are different
from some people's observation that it is not fully understandable and
it is not a good idea.
It would be great if we can proceed with the **technical discussions**
based on the texts from the PANA framework and protocol, because it
seems that we all have reviewed those drafts.

Best Regards,
-Junghoon

> We keep running back over the same ground, still confused and 
> still trying to muddle through to no real effect.
> 
> 
> I've tried to understand it myself.  I tried to understand in the BOF.
> It was very clear to me leaving the original PANA BOF that 
> something was very confused.  Every year or so since I've 
> tried to go back and figure out what I missed.  Eventually 
> though I've started wondering whether the problem wasn't me, 
> but was an actual lack of clarity.

> 
> So, folks can you please help us all out.  Especially if the 
> internet area is not your primary focus, especially if you've 
> never heard of PANA before, take a look at the framework 
> document and all their other documents.  Do you get it?  Is 
> it a good idea?
> 
> Thanks for your time.
> 
> P.S.  Again, this is me speaking as an individual.  At this 
> late stage, it would be entirely inappropriate for me to take 
> actions as an AD claiming that we didn't understand a problem 
> without a strong community consensus.
> 
> 
> 
> _______________________________________________
> Ietf mailing list
> Ietf@xxxxxxxx
> https://www1.ietf.org/mailman/listinfo/ietf

