Technical Summary:
An IPv4 or IPv6 host can use the Port Control Protocol (PCP) to
flexibly manage the IP address and port mapping information on
Network Address Translators (NATs) or firewalls, to facilitate
communication with remote hosts. However, the un-controlled
generation or deletion of IP address mappings on such network devices
may cause security risks and should be avoided. In some cases the
client may need to prove that it is authorized to modify, create or
delete PCP mappings. This document describes an in-band
authentication mechanism for PCP that can be used in those cases.
The Extensible Authentication Protocol (EAP) is used to perform
authentication between PCP devices.
Working Group Summary:
Was there anything in WG process that is worth noting? For example, was there
controversy about particular points or were there decisions where the consensus
was particularly rough?
There is strong consensus to use an EAP-based mechanism for security.
There was, however, significant controversy about whether to use PANA.
A consensus call was done on the list, and (rough) consensus was called by
by the chairs in close cooperation with the responsible AD, following the
advice outlined in what is now RFC 7282. The chairs reported the results
at IETF 87, with slides at
http://www.ietf.org/proceedings/87/slides/slides-87-pcp-11.pdf
where rough consensus was declared for not using PANA.
Document Quality:
Are there existing implementations of the protocol? Have a significant number
of vendors indicated their plan to implement the specification? Are there any
reviewers that merit special mention as having done a thorough review, e.g.,
one that resulted in important changes or a conclusion that the document had
no substantive issues?
There is at least one implementation of this protocol, and eventually
more are expected. Many individuals have reviewed various versions
of this document over a long period of time.
Personnel:
Who is the Document Shepherd?
Dave Thaler <dthaler@microsoft.com>
Who is the Responsible Area Director?
Brian Haberman <brian@innovationslab.net>