Stephen, This topic raises its head every now and then when a Dime document arrives at IESG ;) Apart from that there has been very little serious public discussion about it recently, for some unknown reason to me. A detail worth pointing out is that the support for the End-to-End security framework (E2E-Sequence AVP and 'P'-bit in the AVP header) has been deprecated in RFC3588bis (now in IESG). So we are "free" to start from scratch. If there is enough serious energy and vision for pursuing end-to-end security, I do not see current proposed charter text prohibiting it: "- Maintaining and/or progressing, along the standards track, the Diameter Base protocol and Diameter Applications. This includes extensions to Diameter Base protocol that can be considered as enhanced features or bug fixes." I would argue the end-to-end security is an enhanced feature for Diameter base protocol that fixes a serious bug/flaw in security. On the other hand, if an explicit note is needed about this topic in the charter, I might hesitate to include such in this round. I would first like to see some concrete movement & work around this topic. - Jouni On Jan 11, 2012, at 7:31 PM, Stephen Farrell wrote: > > Hi, > > During the IESG internal review of this I asked whether > or not there was interest in trying to tackle end to > end security for AVPs. I do know there is at least some > interest in that but its not clear there's enough to > warrant including it in the re-charter so I said I'd > ask when the recharter went out for review... > > So - anyone interested in DIME solving that problem? > (And willing and able to help do the work of course.) > > As of now, Diameter really only has hop-by-hop security > which is ok in many cases but far from ideal (wearing > my security hat) in some. > > Thanks, > Stephen. > > On 01/11/2012 04:37 PM, IESG Secretary wrote: >> A modified charter has been submitted for the Diameter Maintenance and >> Extensions (dime) working group in the Operations and Management Area of >> the IETF. The IESG has not made any determination as yet. The modified >> charter is provided below for informational purposes only. Please send >> your comments to the IESG mailing list (iesg@xxxxxxxx) by Wednesday, >> January 18, 2012. >> >> Diameter Maintenance and Extensions (dime) >> ----------------------------------------- >> Current Status: Active >> >> Last Modified: 2012-01-10 >> >> Chairs: >> Lionel Morand<lionel.morand@xxxxxxxxxxxxxxxxxx> >> Jouni Korhonen<jouni.korhonen@xxxxxxx> >> >> Operations and Management Area Directors: >> Dan Romascanu<dromasca@xxxxxxxxx> >> Ronald Bonica<rbonica@xxxxxxxxxxx> >> >> Operations and Management Area Advisor: >> Dan Romascanu<dromasca@xxxxxxxxx> >> >> Mailing Lists: >> General Discussion: dime@xxxxxxxx >> To Subscribe: https://www.ietf.org/mailman/listinfo/dime >> Archive: >> http://www.ietf.org/mail-archive/web/dime/current/maillist.html >> >> Description of Working Group: >> >> The Diameter Maintenance and Extensions WG will focus on maintenance and >> extensions to the Diameter protocol required to enable its use for >> authentication, authorization, accounting, charging in network access, >> provisioning of configuration information within the network, and for >> new AAA session management uses within the extensibility rules of the >> Diameter base protocol. >> >> The DIME working group plans to address the following items: >> >> - Maintaining and/or progressing, along the standards track, the >> Diameter Base protocol and Diameter Applications. This includes >> extensions to Diameter Base protocol that can be considered as enhanced >> features or bug fixes. >> >> - Diameter application design guideline. This document will provide >> guidelines for design of Diameter extensions. It will detail when to >> consider reusing an existing application and when to develop a new >> application. >> >> - Protocol extensions for the management of Diameter entities. This work >> focuses on the standardization of Management Information Bases (MIBs) to >> configure Diameter entities (such as the Diameter Base protocol or >> Diameter Credit Control nodes). The usage of other management protocols >> for configuring Diameter entities may be future work within the group. >> >> - Protocol extensions for bulk and grouped AAA session management. The >> aim of this work is to study and standardize a solution for handling >> groups of AAA sessions within the Diameter base protocol context. The >> solution would define how to identify and handle grouped AAA sessions in >> commands and operations. >> >> Additionally, Diameter-based systems require interoperability in order >> to work. The working group, along with the AD, will need to evaluate any >> potential extensions and require verification that the proposed >> extension is needed, and is within the extensibility rules of Diameter >> and AAA scope. Coordination with other IETF working groups and other >> SDOs (e.g. 3GPP) will be used to ensure this. >> >> Goals and Milestones: >> >> Done - Submit the following two Diameter Mobility documents to the >> IESG for consideration as a Proposed Standards:* 'Diameter >> Mobile IPv6: Support for Home Agent to Diameter Server >> Interaction' * 'Diameter Mobile IPv6: Support for Network >> Access Server to Diameter Server Interaction' >> Done - Submit 'Diameter API' to the IESG for consideration as an >> Informational RFC >> Done - Submit 'Quality of Service Parameters for Usage with >> Diameter' to the IESG for consideration as a Proposed >> Standard. >> Done - Submit 'Diameter QoS Application' to the IESG for >> consideration as a Proposed Standard >> Done - Submit 'Diameter Support for EAP Re-authentication >> Protocol' as DIME working group item >> Done - Submit 'Diameter User-Name and Realm Based Request Routing >> Clarifications' as DIME working group item >> Done - Submit 'Diameter Proxy Mobile IPv6' as DIME working group >> item >> Done - Submit 'Quality of Service Attributes for Diameter' to the >> IESG for consideration as a Proposed Standard >> Done - Submit 'Diameter Proxy Mobile IPv6' to the IESG for >> consideration as a Proposed Standard >> Done - Submit 'Diameter User-Name and Realm Based Request Routing >> Clarifications' to the IESG for consideration as a Proposed >> Standard >> Done - Submit 'Diameter NAT Control Application' as DIME working >> group item >> Done - Submit 'Diameter Capabilities Update' as DIME working group >> item >> Done - Submit 'Diameter Credit Control Application MIB' to the >> IESG for consideration as an Informational RFC >> Done - Submit 'Diameter Base Protocol MIB' to the IESG for >> consideration as an Informational RFC >> Done - Submit 'Diameter Capabilities Update' to the IESG for >> consideration as a Proposed Standard >> Done - Submit 'Diameter Extended NAPTR' as DIME working group item >> Done - Submit 'Realm-Based Redirection In Diameter' as DIME >> working group item >> Done - Submit 'Diameter Support for Proxy Mobile IPv6 Localized >> Routing' as DIME working group item >> Done - Submit 'Diameter Attribute-Value Pairs for Cryptographic >> Key Transport' as DIME working group item >> Done - Submit 'Diameter Priority Attribute Value Pairs' as DIME >> working group item >> Done - Submit 'Diameter IKEv2 PSK' as DIME working group item >> Done - Submit Revision of 'Diameter Base Protocol' to the IESG for >> consideration as a Proposed Standard >> Done - Submit 'Diameter Attribute-Value Pairs for Cryptographic >> Key Transport' to the IESG for consideration as a Proposed >> Standard >> Done - Submit 'Diameter Priority Attribute Value Pairs' to the >> IESG for consideration as a Proposed Standard >> Done - Submit Revision of 'Diameter Network Access Server >> Application - RFC 4005bis' as DIME working group item >> Done - Submit 'Diameter NAT Control Application' to the IESG for >> consideration as a Proposed Standard >> Done - Submit 'Diameter IKEv2 PSK' to the IESG for consideration >> as a Proposed Standard >> Done - Submit 'Diameter Extended NAPTR' to the IESG for >> consideration as a Proposed Standard >> Done - Submit 'Diameter Support for Proxy Mobile IPv6 Localized >> Routing' to the IESG for consideration as a Proposed >> Mar 2012 - Submit 'Realm-Based Redirection In Diameter' to the IESG >> for consideration as a Proposed Standard >> Mar 2012 - Submit Revision of 'Diameter Network Access Server >> Application - RFC 4005bis' to the IESG for consideration as a >> Proposed Standard >> May 2012 - Submit 'Diameter Application Design Guidelines' to the IESG >> for consideration as a BCP document Standard >> Jul 2012 - Submit 'Diameter Support for EAP Re-authentication >> Protocol' to the IESG for consideration as a Proposed >> Standard >> Aug 2012 - Submit a document on 'Protocol extension for bulk and group >> signaling' as a working group item >> Aug 2013 - Submit a document on 'Protocol extension for bulk and group >> signaling' to the IESG for consideration as a Proposed >> Standard >> _______________________________________________ >> IETF-Announce mailing list >> IETF-Announce@xxxxxxxx >> https://www.ietf.org/mailman/listinfo/ietf-announce >> > _______________________________________________ > Ietf mailing list > Ietf@xxxxxxxx > https://www.ietf.org/mailman/listinfo/ietf _______________________________________________ Ietf mailing list Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf