Hi Jouni,
Right, I'm trying to encourage this - I'm not trying
to make it a gating function for the recharter. Its
still worth doing though if we can find some victims
with enough energy:-)
I agree that the current charter text might not need
to be modified, OTOH, if there were folks who wanted to
do the work, a milestone might be good. I also agree
that as of now, that addition is not warranted.
Cheers,
S
On 01/12/2012 12:08 PM, jouni korhonen wrote:
Stephen,
This topic raises its head every now and then when a Dime
document arrives at IESG ;) Apart from that there has been
very little serious public discussion about it recently,
for some unknown reason to me. A detail worth pointing out
is that the support for the End-to-End security framework
(E2E-Sequence AVP and 'P'-bit in the AVP header) has been
deprecated in RFC3588bis (now in IESG). So we are "free"
to start from scratch.
If there is enough serious energy and vision for pursuing
end-to-end security, I do not see current proposed charter
text prohibiting it:
"- Maintaining and/or progressing, along the standards track, the
Diameter Base protocol and Diameter Applications. This includes
extensions to Diameter Base protocol that can be considered as
enhanced features or bug fixes."
I would argue the end-to-end security is an enhanced feature for
Diameter base protocol that fixes a serious bug/flaw in security.
On the other hand, if an explicit note is needed about this topic
in the charter, I might hesitate to include such in this round.
I would first like to see some concrete movement& work around
this topic.
- Jouni
On Jan 11, 2012, at 7:31 PM, Stephen Farrell wrote:
Hi,
During the IESG internal review of this I asked whether
or not there was interest in trying to tackle end to
end security for AVPs. I do know there is at least some
interest in that but its not clear there's enough to
warrant including it in the re-charter so I said I'd
ask when the recharter went out for review...
So - anyone interested in DIME solving that problem?
(And willing and able to help do the work of course.)
As of now, Diameter really only has hop-by-hop security
which is ok in many cases but far from ideal (wearing
my security hat) in some.
Thanks,
Stephen.
On 01/11/2012 04:37 PM, IESG Secretary wrote:
A modified charter has been submitted for the Diameter Maintenance and
Extensions (dime) working group in the Operations and Management Area of
the IETF. The IESG has not made any determination as yet. The modified
charter is provided below for informational purposes only. Please send
your comments to the IESG mailing list (iesg@xxxxxxxx) by Wednesday,
January 18, 2012.
Diameter Maintenance and Extensions (dime)
-----------------------------------------
Current Status: Active
Last Modified: 2012-01-10
Chairs:
Lionel Morand<lionel.morand@xxxxxxxxxxxxxxxxxx>
Jouni Korhonen<jouni.korhonen@xxxxxxx>
Operations and Management Area Directors:
Dan Romascanu<dromasca@xxxxxxxxx>
Ronald Bonica<rbonica@xxxxxxxxxxx>
Operations and Management Area Advisor:
Dan Romascanu<dromasca@xxxxxxxxx>
Mailing Lists:
General Discussion: dime@xxxxxxxx
To Subscribe: https://www.ietf.org/mailman/listinfo/dime
Archive:
http://www.ietf.org/mail-archive/web/dime/current/maillist.html
Description of Working Group:
The Diameter Maintenance and Extensions WG will focus on maintenance and
extensions to the Diameter protocol required to enable its use for
authentication, authorization, accounting, charging in network access,
provisioning of configuration information within the network, and for
new AAA session management uses within the extensibility rules of the
Diameter base protocol.
The DIME working group plans to address the following items:
- Maintaining and/or progressing, along the standards track, the
Diameter Base protocol and Diameter Applications. This includes
extensions to Diameter Base protocol that can be considered as enhanced
features or bug fixes.
- Diameter application design guideline. This document will provide
guidelines for design of Diameter extensions. It will detail when to
consider reusing an existing application and when to develop a new
application.
- Protocol extensions for the management of Diameter entities. This work
focuses on the standardization of Management Information Bases (MIBs) to
configure Diameter entities (such as the Diameter Base protocol or
Diameter Credit Control nodes). The usage of other management protocols
for configuring Diameter entities may be future work within the group.
- Protocol extensions for bulk and grouped AAA session management. The
aim of this work is to study and standardize a solution for handling
groups of AAA sessions within the Diameter base protocol context. The
solution would define how to identify and handle grouped AAA sessions in
commands and operations.
Additionally, Diameter-based systems require interoperability in order
to work. The working group, along with the AD, will need to evaluate any
potential extensions and require verification that the proposed
extension is needed, and is within the extensibility rules of Diameter
and AAA scope. Coordination with other IETF working groups and other
SDOs (e.g. 3GPP) will be used to ensure this.
Goals and Milestones:
Done - Submit the following two Diameter Mobility documents to the
IESG for consideration as a Proposed Standards:* 'Diameter
Mobile IPv6: Support for Home Agent to Diameter Server
Interaction' * 'Diameter Mobile IPv6: Support for Network
Access Server to Diameter Server Interaction'
Done - Submit 'Diameter API' to the IESG for consideration as an
Informational RFC
Done - Submit 'Quality of Service Parameters for Usage with
Diameter' to the IESG for consideration as a Proposed
Standard.
Done - Submit 'Diameter QoS Application' to the IESG for
consideration as a Proposed Standard
Done - Submit 'Diameter Support for EAP Re-authentication
Protocol' as DIME working group item
Done - Submit 'Diameter User-Name and Realm Based Request Routing
Clarifications' as DIME working group item
Done - Submit 'Diameter Proxy Mobile IPv6' as DIME working group
item
Done - Submit 'Quality of Service Attributes for Diameter' to the
IESG for consideration as a Proposed Standard
Done - Submit 'Diameter Proxy Mobile IPv6' to the IESG for
consideration as a Proposed Standard
Done - Submit 'Diameter User-Name and Realm Based Request Routing
Clarifications' to the IESG for consideration as a Proposed
Standard
Done - Submit 'Diameter NAT Control Application' as DIME working
group item
Done - Submit 'Diameter Capabilities Update' as DIME working group
item
Done - Submit 'Diameter Credit Control Application MIB' to the
IESG for consideration as an Informational RFC
Done - Submit 'Diameter Base Protocol MIB' to the IESG for
consideration as an Informational RFC
Done - Submit 'Diameter Capabilities Update' to the IESG for
consideration as a Proposed Standard
Done - Submit 'Diameter Extended NAPTR' as DIME working group item
Done - Submit 'Realm-Based Redirection In Diameter' as DIME
working group item
Done - Submit 'Diameter Support for Proxy Mobile IPv6 Localized
Routing' as DIME working group item
Done - Submit 'Diameter Attribute-Value Pairs for Cryptographic
Key Transport' as DIME working group item
Done - Submit 'Diameter Priority Attribute Value Pairs' as DIME
working group item
Done - Submit 'Diameter IKEv2 PSK' as DIME working group item
Done - Submit Revision of 'Diameter Base Protocol' to the IESG for
consideration as a Proposed Standard
Done - Submit 'Diameter Attribute-Value Pairs for Cryptographic
Key Transport' to the IESG for consideration as a Proposed
Standard
Done - Submit 'Diameter Priority Attribute Value Pairs' to the
IESG for consideration as a Proposed Standard
Done - Submit Revision of 'Diameter Network Access Server
Application - RFC 4005bis' as DIME working group item
Done - Submit 'Diameter NAT Control Application' to the IESG for
consideration as a Proposed Standard
Done - Submit 'Diameter IKEv2 PSK' to the IESG for consideration
as a Proposed Standard
Done - Submit 'Diameter Extended NAPTR' to the IESG for
consideration as a Proposed Standard
Done - Submit 'Diameter Support for Proxy Mobile IPv6 Localized
Routing' to the IESG for consideration as a Proposed
Mar 2012 - Submit 'Realm-Based Redirection In Diameter' to the IESG
for consideration as a Proposed Standard
Mar 2012 - Submit Revision of 'Diameter Network Access Server
Application - RFC 4005bis' to the IESG for consideration as a
Proposed Standard
May 2012 - Submit 'Diameter Application Design Guidelines' to the IESG
for consideration as a BCP document Standard
Jul 2012 - Submit 'Diameter Support for EAP Re-authentication
Protocol' to the IESG for consideration as a Proposed
Standard
Aug 2012 - Submit a document on 'Protocol extension for bulk and group
signaling' as a working group item
Aug 2013 - Submit a document on 'Protocol extension for bulk and group
signaling' to the IESG for consideration as a Proposed
Standard
_______________________________________________
IETF-Announce mailing list
IETF-Announce@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf-announce
_______________________________________________
Ietf mailing list
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf
_______________________________________________
Ietf mailing list
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf