Re: WG Review: Recharter of Diameter Maintenance and Extensions (dime)


 



Stephen, Dan,

What if we just add a milestone to the charter to indicate that
end-to-end security is coming to our table? 

  Jul 2012 - Submit 'problem statement and requirements for Diameter
             end-to-end security framework' as Dime working group item.
  Dec 2012 - Submit 'problem statement and requirements for Diameter
             end-to-end security framework' to the IESG for consideration
             as an Informational RFC.

I would give folks some time to work this out.. and then when we actually
know what we and especially IETF external deployment folks want, we can
move to the solution part.. Seems like a relaxed milestone plan but I have
doubts it would progress any faster in real life even if milestones were
tighter ;)

- Jouni

On Jan 12, 2012, at 2:15 PM, Romascanu, Dan (Dan) wrote:

> Hi,
> 
> If a number of hands were raised now and the folks commanding them say
> 'we are ready to work on this NOW' I would support including explicit
> wording in the charter. If this does not happen until the telechat next
> week the current text is good enough to allow interested people to start
> working on contributions that can be individual submissions. If these
> submissions are consistent enough the WG can add the milestone later in
> the charter and adopt the submissions as WG items. 
> 
> Dan
> 
> 
> 
> 
> 
>> -----Original Message-----
>> From: iesg-bounces@xxxxxxxx [mailto:iesg-bounces@xxxxxxxx] On Behalf Of
>> Stephen Farrell
>> Sent: Thursday, January 12, 2012 2:13 PM
>> To: jouni korhonen
>> Cc: jouni.korhonen@xxxxxxx; lionel.morand@xxxxxxxxxxxxxxxxxx;
>> dime@xxxxxxxx; IETF-Discussion; iesg@xxxxxxxx
>> Subject: Re: WG Review: Recharter of Diameter Maintenance and
>> Extensions (dime)
>> 
>> 
>> Hi Jouni,
>> 
>> Right, I'm trying to encourage this - I'm not trying
>> to make it a gating function for the recharter. It's
>> still worth doing though if we can find some victims
>> with enough energy :-)
>> 
>> I agree that the current charter text might not need
>> to be modified, OTOH, if there were folks who wanted to
>> do the work, a milestone might be good. I also agree
>> that as of now, that addition is not warranted.
>> 
>> Cheers,
>> S
>> 
>> On 01/12/2012 12:08 PM, jouni korhonen wrote:
>>> 
>>> Stephen,
>>> 
>>> This topic raises its head every now and then when a Dime
>>> document arrives at IESG ;) Apart from that there has been
>>> very little serious public discussion about it recently,
>>> for some unknown reason to me. A detail worth pointing out
>>> is that the support for the End-to-End security framework
>>> (E2E-Sequence AVP and 'P'-bit in the AVP header) has been
>>> deprecated in RFC3588bis (now in IESG). So we are "free"
>>> to start from scratch.
>>> 
>>> If there is enough serious energy and vision for pursuing
>>> end-to-end security, I do not see current proposed charter
>>> text prohibiting it:
>>> 
>>> "- Maintaining and/or progressing, along the standards track, the
>>>    Diameter Base protocol and Diameter Applications. This includes
>>>    extensions to Diameter Base protocol that can be considered as
>>>    enhanced features or bug fixes."
>>> 
>>> I would argue the end-to-end security is an enhanced feature for
>>> Diameter base protocol that fixes a serious bug/flaw in security.
>>> On the other hand, if an explicit note is needed about this topic
>>> in the charter, I might hesitate to include such in this round.
>>> I would first like to see some concrete movement & work around
>>> this topic.
>>> 
>>> - Jouni
>>> 
>>> 
>>> 
>>> On Jan 11, 2012, at 7:31 PM, Stephen Farrell wrote:
>>> 
>>>> 
>>>> Hi,
>>>> 
>>>> During the IESG internal review of this I asked whether
>>>> or not there was interest in trying to tackle end to
>>>> end security for AVPs. I do know there is at least some
>>>> interest in that but it's not clear there's enough to
>>>> warrant including it in the re-charter so I said I'd
>>>> ask when the recharter went out for review...
>>>> 
>>>> So - anyone interested in DIME solving that problem?
>>>> (And willing and able to help do the work of course.)
>>>> 
>>>> As of now, Diameter really only has hop-by-hop security
>>>> which is ok in many cases but far from ideal (wearing
>>>> my security hat) in some.
>>>> 
>>>> Thanks,
>>>> Stephen.
>>>> 
>>>> On 01/11/2012 04:37 PM, IESG Secretary wrote:
>>>>> A modified charter has been submitted for the Diameter Maintenance and
>>>>> Extensions (dime) working group in the Operations and Management Area of
>>>>> the IETF.  The IESG has not made any determination as yet.  The modified
>>>>> charter is provided below for informational purposes only.  Please send
>>>>> your comments to the IESG mailing list (iesg@xxxxxxxx) by Wednesday,
>>>>> January 18, 2012.
>>>>> 
>>>>> Diameter Maintenance and Extensions (dime)
>>>>> -----------------------------------------
>>>>> Current Status: Active
>>>>> 
>>>>> Last Modified: 2012-01-10
>>>>> 
>>>>> Chairs:
>>>>>     Lionel Morand <lionel.morand@xxxxxxxxxxxxxxxxxx>
>>>>>     Jouni Korhonen <jouni.korhonen@xxxxxxx>
>>>>> 
>>>>> Operations and Management Area Directors:
>>>>>     Dan Romascanu <dromasca@xxxxxxxxx>
>>>>>     Ronald Bonica <rbonica@xxxxxxxxxxx>
>>>>> 
>>>>> Operations and Management Area Advisor:
>>>>>     Dan Romascanu <dromasca@xxxxxxxxx>
>>>>> 
>>>>> Mailing Lists:
>>>>>     General Discussion: dime@xxxxxxxx
>>>>>     To Subscribe: https://www.ietf.org/mailman/listinfo/dime
>>>>>     Archive: http://www.ietf.org/mail-archive/web/dime/current/maillist.html
>>>>> 
>>>>> Description of Working Group:
>>>>> 
>>>>> The Diameter Maintenance and Extensions WG will focus on maintenance and
>>>>> extensions to the Diameter protocol required to enable its use for
>>>>> authentication, authorization, accounting, charging in network access,
>>>>> provisioning of configuration information within the network, and for
>>>>> new AAA session management uses within the extensibility rules of the
>>>>> Diameter base protocol.
>>>>> 
>>>>> The DIME working group plans to address the following items:
>>>>> 
>>>>> - Maintaining and/or progressing, along the standards track, the
>>>>> Diameter Base protocol and Diameter Applications. This includes
>>>>> extensions to Diameter Base protocol that can be considered as enhanced
>>>>> features or bug fixes.
>>>>> 
>>>>> - Diameter application design guideline. This document will provide
>>>>> guidelines for design of Diameter extensions. It will detail when to
>>>>> consider reusing an existing application and when to develop a new
>>>>> application.
>>>>> 
>>>>> - Protocol extensions for the management of Diameter entities. This work
>>>>> focuses on the standardization of Management Information Bases (MIBs) to
>>>>> configure Diameter entities (such as the Diameter Base protocol or
>>>>> Diameter Credit Control nodes). The usage of other management protocols
>>>>> for configuring Diameter entities may be future work within the group.
>>>>> 
>>>>> - Protocol extensions for bulk and grouped AAA session management. The
>>>>> aim of this work is to study and standardize a solution for handling
>>>>> groups of AAA sessions within the Diameter base protocol context. The
>>>>> solution would define how to identify and handle grouped AAA sessions in
>>>>> commands and operations.
>>>>> 
>>>>> Additionally, Diameter-based systems require interoperability in order
>>>>> to work. The working group, along with the AD, will need to evaluate any
>>>>> potential extensions and require verification that the proposed
>>>>> extension is needed, and is within the extensibility rules of Diameter
>>>>> and AAA scope. Coordination with other IETF working groups and other
>>>>> SDOs (e.g. 3GPP) will be used to ensure this.
>>>>> 
>>>>> Goals and Milestones:
>>>>> 
>>>>> Done     - Submit the following two Diameter Mobility documents to the
>>>>>            IESG for consideration as a Proposed Standards:* 'Diameter
>>>>>            Mobile IPv6: Support for Home Agent to Diameter Server
>>>>>            Interaction' * 'Diameter Mobile IPv6: Support for Network
>>>>>            Access Server to Diameter Server Interaction'
>>>>> Done     - Submit 'Diameter API' to the IESG for consideration as an
>>>>>            Informational RFC
>>>>> Done     - Submit 'Quality of Service Parameters for Usage with
>>>>>            Diameter' to the IESG for consideration as a Proposed
>>>>>            Standard.
>>>>> Done     - Submit 'Diameter QoS Application' to the IESG for
>>>>>            consideration as a Proposed Standard
>>>>> Done     - Submit 'Diameter Support for EAP Re-authentication
>>>>>            Protocol' as DIME working group item
>>>>> Done     - Submit 'Diameter User-Name and Realm Based Request Routing
>>>>>            Clarifications' as DIME working group item
>>>>> Done     - Submit 'Diameter Proxy Mobile IPv6' as DIME working group
>>>>>            item
>>>>> Done     - Submit 'Quality of Service Attributes for Diameter' to the
>>>>>            IESG for consideration as a Proposed Standard
>>>>> Done     - Submit 'Diameter Proxy Mobile IPv6' to the IESG for
>>>>>            consideration as a Proposed Standard
>>>>> Done     - Submit 'Diameter User-Name and Realm Based Request Routing
>>>>>            Clarifications' to the IESG for consideration as a Proposed
>>>>>            Standard
>>>>> Done     - Submit 'Diameter NAT Control Application' as DIME working
>>>>>            group item
>>>>> Done     - Submit 'Diameter Capabilities Update' as DIME working group
>>>>>            item
>>>>> Done     - Submit 'Diameter Credit Control Application MIB' to the
>>>>>            IESG for consideration as an Informational RFC
>>>>> Done     - Submit 'Diameter Base Protocol MIB' to the IESG for
>>>>>            consideration as an Informational RFC
>>>>> Done     - Submit 'Diameter Capabilities Update' to the IESG for
>>>>>            consideration as a Proposed Standard
>>>>> Done     - Submit 'Diameter Extended NAPTR' as DIME working group item
>>>>> Done     - Submit 'Realm-Based Redirection In Diameter' as DIME
>>>>>            working group item
>>>>> Done     - Submit 'Diameter Support for Proxy Mobile IPv6 Localized
>>>>>            Routing' as DIME working group item
>>>>> Done     - Submit 'Diameter Attribute-Value Pairs for Cryptographic
>>>>>            Key Transport' as DIME working group item
>>>>> Done     - Submit 'Diameter Priority Attribute Value Pairs' as DIME
>>>>>            working group item
>>>>> Done     - Submit 'Diameter IKEv2 PSK' as DIME working group item
>>>>> Done     - Submit Revision of 'Diameter Base Protocol' to the IESG for
>>>>>            consideration as a Proposed Standard
>>>>> Done     - Submit 'Diameter Attribute-Value Pairs for Cryptographic
>>>>>            Key Transport' to the IESG for consideration as a Proposed
>>>>>            Standard
>>>>> Done     - Submit 'Diameter Priority Attribute Value Pairs' to the
>>>>>            IESG for consideration as a Proposed Standard
>>>>> Done     - Submit Revision of 'Diameter Network Access Server
>>>>>            Application - RFC 4005bis' as DIME working group item
>>>>> Done     - Submit 'Diameter NAT Control Application' to the IESG for
>>>>>            consideration as a Proposed Standard
>>>>> Done     - Submit 'Diameter IKEv2 PSK' to the IESG for consideration
>>>>>            as a Proposed Standard
>>>>> Done     - Submit 'Diameter Extended NAPTR' to the IESG for
>>>>>            consideration as a Proposed Standard
>>>>> Done     - Submit 'Diameter Support for Proxy Mobile IPv6 Localized
>>>>>            Routing' to the IESG for consideration as a Proposed
>>>>> Mar 2012 - Submit 'Realm-Based Redirection In Diameter' to the IESG
>>>>>            for consideration as a Proposed Standard
>>>>> Mar 2012 - Submit Revision of 'Diameter Network Access Server
>>>>>            Application - RFC 4005bis' to the IESG for consideration as a
>>>>>            Proposed Standard
>>>>> May 2012 - Submit 'Diameter Application Design Guidelines' to the IESG
>>>>>            for consideration as a BCP document Standard
>>>>> Jul 2012 - Submit 'Diameter Support for EAP Re-authentication
>>>>>            Protocol' to the IESG for consideration as a Proposed
>>>>>            Standard
>>>>> Aug 2012 - Submit a document on 'Protocol extension for bulk and group
>>>>>            signaling' as a working group item
>>>>> Aug 2013 - Submit a document on 'Protocol extension for bulk and group
>>>>>            signaling' to the IESG for consideration as a Proposed
>>>>>            Standard
>>>>> _______________________________________________
>>>>> IETF-Announce mailing list
>>>>> IETF-Announce@xxxxxxxx
>>>>> https://www.ietf.org/mailman/listinfo/ietf-announce
>>>>> 
>>>> _______________________________________________
>>>> Ietf mailing list
>>>> Ietf@xxxxxxxx
>>>> https://www.ietf.org/mailman/listinfo/ietf
>>> 
