Regarding end-to-end security: I believe we should separate the procedure for establishing the keys from the actual protection. I could imagine a couple of different ways to establish the keys. Does that sound reasonable?

On Jan 13, 2012, at 2:23 PM, Glen Zorn wrote:

> On 1/13/2012 1:14 PM, Romascanu, Dan (Dan) wrote:
>
>> Thanks, Glen! Can we see (at least) a couple of more hands from people willing to participate in the editing of this document?
>
> Personally, I think that one editor is enough ;-). I think that we could use some people providing technical expertise, though...
>
>> Dan
>>
>> -----Original Message-----
>> From: Glen Zorn [mailto:glenzorn@xxxxxxxxx]
>> Sent: Fri 1/13/2012 5:34 AM
>> To: Romascanu, Dan (Dan)
>> Cc: Stephen Farrell; jouni korhonen; jouni.korhonen@xxxxxxx; lionel.morand@xxxxxxxxxxxxxxxxxx; dime@xxxxxxxx; IETF-Discussion; iesg@xxxxxxxx
>> Subject: Re: [Dime] WG Review: Recharter of Diameter Maintenance and Extensions (dime)
>>
>> On 1/12/2012 7:15 PM, Romascanu, Dan (Dan) wrote:
>>> Hi,
>>>
>>> If a number of hands were raised now and the folks commanding them say 'we are ready to work on this NOW' I would support including explicit wording in the charter.
>>
>> Consider my hand raised.
>>
>>> If this does not happen until the telechat next week the current text is good enough to allow interested people to start working on contributions that can be individual submissions. If these submissions are consistent enough the WG can add the milestone later in the charter and adopt the submissions as WG items.
>>>
>>> Dan
>>>
>>>> -----Original Message-----
>>>> From: iesg-bounces@xxxxxxxx [mailto:iesg-bounces@xxxxxxxx] On Behalf Of Stephen Farrell
>>>> Sent: Thursday, January 12, 2012 2:13 PM
>>>> To: jouni korhonen
>>>> Cc: jouni.korhonen@xxxxxxx; lionel.morand@xxxxxxxxxxxxxxxxxx; dime@xxxxxxxx; IETF-Discussion; iesg@xxxxxxxx
>>>> Subject: Re: WG Review: Recharter of Diameter Maintenance and Extensions (dime)
>>>>
>>>> Hi Jouni,
>>>>
>>>> Right, I'm trying to encourage this - I'm not trying to make it a gating function for the recharter. It's still worth doing though if we can find some victims with enough energy :-)
>>>>
>>>> I agree that the current charter text might not need to be modified, OTOH, if there were folks who wanted to do the work, a milestone might be good. I also agree that as of now, that addition is not warranted.
>>>>
>>>> Cheers,
>>>> S
>>>>
>>>> On 01/12/2012 12:08 PM, jouni korhonen wrote:
>>>>>
>>>>> Stephen,
>>>>>
>>>>> This topic raises its head every now and then when a Dime document arrives at IESG ;) Apart from that there has been very little serious public discussion about it recently, for some unknown reason to me. A detail worth pointing out is that the support for the End-to-End security framework (E2E-Sequence AVP and 'P'-bit in the AVP header) has been deprecated in RFC3588bis (now in IESG). So we are "free" to start from scratch.
>>>>>
>>>>> If there is enough serious energy and vision for pursuing end-to-end security, I do not see current proposed charter text prohibiting it:
>>>>>
>>>>> "- Maintaining and/or progressing, along the standards track, the Diameter Base protocol and Diameter Applications. This includes extensions to Diameter Base protocol that can be considered as enhanced features or bug fixes."
>>>>>
>>>>> I would argue the end-to-end security is an enhanced feature for Diameter base protocol that fixes a serious bug/flaw in security. On the other hand, if an explicit note is needed about this topic in the charter, I might hesitate to include such in this round. I would first like to see some concrete movement & work around this topic.
>>>>>
>>>>> - Jouni
>>>>>
>>>>> On Jan 11, 2012, at 7:31 PM, Stephen Farrell wrote:
>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> During the IESG internal review of this I asked whether or not there was interest in trying to tackle end to end security for AVPs. I do know there is at least some interest in that but it's not clear there's enough to warrant including it in the re-charter so I said I'd ask when the recharter went out for review...
>>>>>>
>>>>>> So - anyone interested in DIME solving that problem? (And willing and able to help do the work of course.)
>>>>>>
>>>>>> As of now, Diameter really only has hop-by-hop security which is ok in many cases but far from ideal (wearing my security hat) in some.
>>>>>>
>>>>>> Thanks,
>>>>>> Stephen.
>>>>>>
>>>>>> On 01/11/2012 04:37 PM, IESG Secretary wrote:
>>>>>>> A modified charter has been submitted for the Diameter Maintenance and Extensions (dime) working group in the Operations and Management Area of the IETF. The IESG has not made any determination as yet. The modified charter is provided below for informational purposes only. Please send your comments to the IESG mailing list (iesg@xxxxxxxx) by Wednesday, January 18, 2012.
>>>>>>>
>>>>>>> Diameter Maintenance and Extensions (dime)
>>>>>>> -----------------------------------------
>>>>>>> Current Status: Active
>>>>>>>
>>>>>>> Last Modified: 2012-01-10
>>>>>>>
>>>>>>> Chairs:
>>>>>>> Lionel Morand <lionel.morand@xxxxxxxxxxxxxxxxxx>
>>>>>>> Jouni Korhonen <jouni.korhonen@xxxxxxx>
>>>>>>>
>>>>>>> Operations and Management Area Directors:
>>>>>>> Dan Romascanu <dromasca@xxxxxxxxx>
>>>>>>> Ronald Bonica <rbonica@xxxxxxxxxxx>
>>>>>>>
>>>>>>> Operations and Management Area Advisor:
>>>>>>> Dan Romascanu <dromasca@xxxxxxxxx>
>>>>>>>
>>>>>>> Mailing Lists:
>>>>>>> General Discussion: dime@xxxxxxxx
>>>>>>> To Subscribe: https://www.ietf.org/mailman/listinfo/dime
>>>>>>> Archive: http://www.ietf.org/mail-archive/web/dime/current/maillist.html
>>>>>>>
>>>>>>> Description of Working Group:
>>>>>>>
>>>>>>> The Diameter Maintenance and Extensions WG will focus on maintenance and extensions to the Diameter protocol required to enable its use for authentication, authorization, accounting, charging in network access, provisioning of configuration information within the network, and for new AAA session management uses within the extensibility rules of the Diameter base protocol.
>>>>>>>
>>>>>>> The DIME working group plans to address the following items:
>>>>>>>
>>>>>>> - Maintaining and/or progressing, along the standards track, the Diameter Base protocol and Diameter Applications. This includes extensions to Diameter Base protocol that can be considered as enhanced features or bug fixes.
>>>>>>>
>>>>>>> - Diameter application design guideline. This document will provide guidelines for design of Diameter extensions. It will detail when to consider reusing an existing application and when to develop a new application.
>>>>>>>
>>>>>>> - Protocol extensions for the management of Diameter entities. This work focuses on the standardization of Management Information Bases (MIBs) to configure Diameter entities (such as the Diameter Base protocol or Diameter Credit Control nodes). The usage of other management protocols for configuring Diameter entities may be future work within the group.
>>>>>>>
>>>>>>> - Protocol extensions for bulk and grouped AAA session management. The aim of this work is to study and standardize a solution for handling groups of AAA sessions within the Diameter base protocol context. The solution would define how to identify and handle grouped AAA sessions in commands and operations.
>>>>>>>
>>>>>>> Additionally, Diameter-based systems require interoperability in order to work. The working group, along with the AD, will need to evaluate any potential extensions and require verification that the proposed extension is needed, and is within the extensibility rules of Diameter and AAA scope. Coordination with other IETF working groups and other SDOs (e.g. 3GPP) will be used to ensure this.
>>>>>>>
>>>>>>> Goals and Milestones:
>>>>>>>
>>>>>>> Done - Submit the following two Diameter Mobility documents to the IESG for consideration as a Proposed Standards:
>>>>>>>   * 'Diameter Mobile IPv6: Support for Home Agent to Diameter Server Interaction'
>>>>>>>   * 'Diameter Mobile IPv6: Support for Network Access Server to Diameter Server Interaction'
>>>>>>> Done - Submit 'Diameter API' to the IESG for consideration as an Informational RFC
>>>>>>> Done - Submit 'Quality of Service Parameters for Usage with Diameter' to the IESG for consideration as a Proposed Standard.
>>>>>>> Done - Submit 'Diameter QoS Application' to the IESG for consideration as a Proposed Standard
>>>>>>> Done - Submit 'Diameter Support for EAP Re-authentication Protocol' as DIME working group item
>>>>>>> Done - Submit 'Diameter User-Name and Realm Based Request Routing Clarifications' as DIME working group item
>>>>>>> Done - Submit 'Diameter Proxy Mobile IPv6' as DIME working group item
>>>>>>> Done - Submit 'Quality of Service Attributes for Diameter' to the IESG for consideration as a Proposed Standard
>>>>>>> Done - Submit 'Diameter Proxy Mobile IPv6' to the IESG for consideration as a Proposed Standard
>>>>>>> Done - Submit 'Diameter User-Name and Realm Based Request Routing Clarifications' to the IESG for consideration as a Proposed Standard
>>>>>>> Done - Submit 'Diameter NAT Control Application' as DIME working group item
>>>>>>> Done - Submit 'Diameter Capabilities Update' as DIME working group item
>>>>>>> Done - Submit 'Diameter Credit Control Application MIB' to the IESG for consideration as an Informational RFC
>>>>>>> Done - Submit 'Diameter Base Protocol MIB' to the IESG for consideration as an Informational RFC
>>>>>>> Done - Submit 'Diameter Capabilities Update' to the IESG for consideration as a Proposed Standard
>>>>>>> Done - Submit 'Diameter Extended NAPTR' as DIME working group item
>>>>>>> Done - Submit 'Realm-Based Redirection In Diameter' as DIME working group item
>>>>>>> Done - Submit 'Diameter Support for Proxy Mobile IPv6 Localized Routing' as DIME working group item
>>>>>>> Done - Submit 'Diameter Attribute-Value Pairs for Cryptographic Key Transport' as DIME working group item
>>>>>>> Done - Submit 'Diameter Priority Attribute Value Pairs' as DIME working group item
>>>>>>> Done - Submit 'Diameter IKEv2 PSK' as DIME working group item
>>>>>>> Done - Submit Revision of 'Diameter Base Protocol' to the IESG for consideration as a Proposed Standard
>>>>>>> Done - Submit 'Diameter Attribute-Value Pairs for Cryptographic Key Transport' to the IESG for consideration as a Proposed Standard
>>>>>>> Done - Submit 'Diameter Priority Attribute Value Pairs' to the IESG for consideration as a Proposed Standard
>>>>>>> Done - Submit Revision of 'Diameter Network Access Server Application - RFC 4005bis' as DIME working group item
>>>>>>> Done - Submit 'Diameter NAT Control Application' to the IESG for consideration as a Proposed Standard
>>>>>>> Done - Submit 'Diameter IKEv2 PSK' to the IESG for consideration as a Proposed Standard
>>>>>>> Done - Submit 'Diameter Extended NAPTR' to the IESG for consideration as a Proposed Standard
>>>>>>> Done - Submit 'Diameter Support for Proxy Mobile IPv6 Localized Routing' to the IESG for consideration as a Proposed
>>>>>>> Mar 2012 - Submit 'Realm-Based Redirection In Diameter' to the IESG for consideration as a Proposed Standard
>>>>>>> Mar 2012 - Submit Revision of 'Diameter Network Access Server Application - RFC 4005bis' to the IESG for consideration as a Proposed Standard
>>>>>>> May 2012 - Submit 'Diameter Application Design Guidelines' to the IESG for consideration as a BCP document Standard
>>>>>>> Jul 2012 - Submit 'Diameter Support for EAP Re-authentication Protocol' to the IESG for consideration as a Proposed Standard
>>>>>>> Aug 2012 - Submit a document on 'Protocol extension for bulk and group signaling' as a working group item
>>>>>>> Aug 2013 - Submit a document on 'Protocol extension for bulk and group signaling' to the IESG for consideration as a Proposed Standard
>>>>>>> _______________________________________________
>>>>>>> IETF-Announce mailing list
>>>>>>> IETF-Announce@xxxxxxxx
>>>>>>> https://www.ietf.org/mailman/listinfo/ietf-announce
>>>>>>
>>>>>> _______________________________________________
>>>>>> Ietf mailing list
>>>>>> Ietf@xxxxxxxx
>>>>>> https://www.ietf.org/mailman/listinfo/ietf
>>>>>
>>> _______________________________________________
>>> DiME mailing list
>>> DiME@xxxxxxxx
>>> https://www.ietf.org/mailman/listinfo/dime