Skip to main content

RADIUS Attributes for IEEE 802.16 Privacy Key Management Version 1 (PKMv1) Protocol Support
draft-zorn-radius-pkmv1-12

Revision differences

Document history

Date Rev. By Action
2012-08-22
12 (System) post-migration administrative database adjustment to the No Objection position for Pasi Eronen
2012-08-22
12 (System) post-migration administrative database adjustment to the No Objection position for Tim Polk
2012-08-22
12 (System) post-migration administrative database adjustment to the No Objection position for Adrian Farrel
2010-04-07
12 (System) IANA Action state changed to RFC-Ed-Ack from Waiting on RFC Editor
2010-03-31
12 (System) IANA Action state changed to Waiting on RFC Editor from In Progress
2010-03-31
12 (System) IANA Action state changed to In Progress from Waiting on Authors
2010-03-30
12 (System) IANA Action state changed to Waiting on Authors from In Progress
2010-03-30
12 Cindy Morgan State Changes to RFC Ed Queue from Approved-announcement sent by Cindy Morgan
2010-03-30
12 (System) IANA Action state changed to In Progress
2010-03-30
12 Amy Vezza IESG state changed to Approved-announcement sent
2010-03-30
12 Amy Vezza IESG has approved the document
2010-03-30
12 Amy Vezza Closed "Approve" ballot
2010-03-30
12 Amy Vezza State Changes to Approved-announcement to be sent from IESG Evaluation by Amy Vezza
2010-03-27
12 Pasi Eronen [Ballot Position Update] Position for Pasi Eronen has been changed to No Objection from Discuss by Pasi Eronen
2010-03-26
12 (System) New version available: draft-zorn-radius-pkmv1-12.txt
2010-03-07
11 (System) New version available: draft-zorn-radius-pkmv1-11.txt
2010-03-04
12 Dan Romascanu State Changes to IESG Evaluation from Waiting for AD Go-Ahead::AD Followup by Dan Romascanu
2010-02-24
12 Adrian Farrel [Ballot Position Update] Position for Adrian Farrel has been changed to No Objection from Discuss by Adrian Farrel
2010-02-22
12 Tim Polk [Ballot Position Update] Position for Tim Polk has been changed to No Objection from Undefined by Tim Polk
2010-02-22
12 Tim Polk [Ballot Position Update] Position for Tim Polk has been changed to Undefined from Discuss by Tim Polk
2010-02-20
12 Sam Weiler Request for Telechat review by SECDIR Completed. Reviewer: Donald Eastlake.
2010-02-19
12 Dan Romascanu State Changes to Waiting for AD Go-Ahead::AD Followup from IESG Evaluation::Revised ID Needed by Dan Romascanu
2010-02-19
12 (System) Removed from agenda for telechat - 2010-02-18
2010-02-18
12 Cindy Morgan State Changes to IESG Evaluation::Revised ID Needed from IESG Evaluation by Cindy Morgan
2010-02-18
12 Ralph Droms [Ballot comment]
Supporting Adrian's DISCUSS: why is this document Informational?
2010-02-18
12 Ralph Droms [Ballot Position Update] New position, No Objection, has been recorded by Ralph Droms
2010-02-18
12 Ross Callon [Ballot Position Update] New position, No Objection, has been recorded by Ross Callon
2010-02-18
12 Adrian Farrel
[Ballot discuss]
I don't have any objection to the existence or content of this document, but I don't understand why it is Informational.

It seems …
[Ballot discuss]
I don't have any objection to the existence or content of this document, but I don't understand why it is Informational.

It seems to define stuff for implementation, and it seems to do that defining within the IETF (i.e. it is not a report of work done elsewhere).

I will be happy to clear this Discuss on the call if someone can give a good reason.
2010-02-18
12 Ron Bonica [Ballot Position Update] New position, No Objection, has been recorded by Ron Bonica
2010-02-18
12 Adrian Farrel [Ballot Position Update] New position, Discuss, has been recorded by Adrian Farrel
2010-02-18
12 Russ Housley [Ballot Position Update] New position, No Objection, has been recorded by Russ Housley
2010-02-18
12 Tim Polk
[Ballot discuss]
This will probably be a trivial discuss to clear, but I have concerns about the hard size limits
for two of the attributes. …
[Ballot discuss]
This will probably be a trivial discuss to clear, but I have concerns about the hard size limits
for two of the attributes.

(1) In section 3.4, the PKM-Cryptosuite-List is defined with Len 2 + 3n < 39, where 'n'
is the number of cryptosuite identifiers.  That gives us n < 12.333... which seems a bit
odd.  Where does the n come from, and why is 12 the maximum number of cryptosuites?

(2) In section 3.7, PKM-AUTH-KEY is sized to convey a 128 bit key.  While I suspect that
PKMv1 may be limited to 128 bits, is there a reason to limit the attribute as well?  Support for
256 bit keys can be be achieved without crossing the magic 255 octet boundary, and might
help us avoid defining new attributes for PKMv2...
2010-02-18
12 Tim Polk [Ballot comment]
2010-02-18
12 Tim Polk
[Ballot discuss]
This is probably a trivial discuss, but I have concerns about the hard size limits for two
of the attributes.

(1) In section …
[Ballot discuss]
This is probably a trivial discuss, but I have concerns about the hard size limits for two
of the attributes.

(1) In section 3.4, the PKM-Cryptosuite-List is defined with Len 2 + 3n < 39, where 'n'
is the number of cryptosuite identifiers.  That gives us n < 12.333... which seems a bit
odd.  Where does the n come from, and why is 12 the maximum number of cryptosuites?

(2) In section 3.7, PKM-AUTH-KEY is sized to convey a 128 bit key.  While I suspect that
PKMv1 may be limited to 128 bits, is there a reason to limit the attribute as well?  Support for
256 bit keys can be be achieved without crossing the magic 255 octet boundary, and might
help us avoid defining new attributes for PKMv2...
2010-02-18
12 Tim Polk [Ballot Position Update] New position, Discuss, has been recorded by Tim Polk
2010-02-18
12 Tim Polk
[Ballot comment]
In section 3.4, the PKM-Cryptosuite-List is defined with Len 2 + 3n < 39, where 'n'
is the number of cryptosuite identifiers.  That …
[Ballot comment]
In section 3.4, the PKM-Cryptosuite-List is defined with Len 2 + 3n < 39, where 'n'
is the number of cryptosuite identifiers.  That gives us n < 12.333... which seems a bit
odd.  Where does the n come from, and why is 12 the maximum number of cryptosuites?
2010-02-18
12 Magnus Westerlund [Ballot Position Update] New position, No Objection, has been recorded by Magnus Westerlund
2010-02-18
12 Robert Sparks [Ballot Position Update] New position, No Objection, has been recorded by Robert Sparks
2010-02-17
12 Cullen Jennings [Ballot Position Update] New position, No Objection, has been recorded by Cullen Jennings
2010-02-17
12 Pasi Eronen
[Ballot comment]
Sections 3.1/3.2 say "It is possible that the size of the SS/CA
certificate may exceed the maximum size of a RADIUS attribute".
A …
[Ballot comment]
Sections 3.1/3.2 say "It is possible that the size of the SS/CA
certificate may exceed the maximum size of a RADIUS attribute".
A certificate compliant with 802.16-2004 is always longer than 255
bytes, so perhaps something like "the size usually exceeds" (or
"the size exceeds") would be more accurate.
2010-02-17
12 Pasi Eronen
[Ballot discuss]
I have reviewed draft-zorn-radius-pkmv1-10, and have one small concern
that I'd like to discuss before recommending approval of the document:

Section 6: …
[Ballot discuss]
I have reviewed draft-zorn-radius-pkmv1-10, and have one small concern
that I'd like to discuss before recommending approval of the document:

Section 6: "this document does not define a method for doing so
securely" sounds very strange, because the next sentence does define a
recommended method for doing exactly that.

That method is IMHO fine (while it's not perfect from security
point-of-view, it's not totally insecure or useless either -- and the
weaknesses are IMHO adequately described by the last sentence of the
paragraph), but since it's a key part of the specification, the use of
this attribute should be described in e.g. Section 3, and it should be
listed in Section 4.
2010-02-17
12 Pasi Eronen [Ballot Position Update] New position, Discuss, has been recorded by Pasi Eronen
2010-02-16
12 Lars Eggert [Ballot Position Update] New position, No Objection, has been recorded by Lars Eggert
2010-02-11
12 Sam Weiler Request for Telechat review by SECDIR is assigned to Donald Eastlake
2010-02-11
12 Sam Weiler Request for Telechat review by SECDIR is assigned to Donald Eastlake
2010-02-11
12 Dan Romascanu [Ballot Position Update] New position, Yes, has been recorded for Dan Romascanu
2010-02-11
12 Dan Romascanu Ballot has been issued by Dan Romascanu
2010-02-11
12 Dan Romascanu Created "Approve" ballot
2010-02-11
12 Dan Romascanu State Changes to IESG Evaluation from Waiting for AD Go-Ahead by Dan Romascanu
2010-02-11
12 Dan Romascanu Placed on agenda for telechat - 2010-02-18 by Dan Romascanu
2010-02-10
10 (System) New version available: draft-zorn-radius-pkmv1-10.txt
2010-02-09
09 (System) New version available: draft-zorn-radius-pkmv1-09.txt
2010-02-09
08 (System) New version available: draft-zorn-radius-pkmv1-08.txt
2010-02-08
07 (System) New version available: draft-zorn-radius-pkmv1-07.txt
2009-08-27
06 (System) New version available: draft-zorn-radius-pkmv1-06.txt
2009-08-22
12 Sam Weiler Request for Last Call review by SECDIR Completed. Reviewer: Donald Eastlake.
2009-08-19
12 (System) State has been changed to Waiting for AD Go-Ahead from In Last Call by system
2009-08-14
12 Amanda Baber
IANA comments:

Upon approval of this document, IANA will make the following
assignments in the "Radius Attribute Types" registry at
http://www.iana.org/assignments/radius-types

From the range 137-191 …
IANA comments:

Upon approval of this document, IANA will make the following
assignments in the "Radius Attribute Types" registry at
http://www.iana.org/assignments/radius-types

From the range 137-191
Value | Description | Reference
-------- + --------------------------------------- +---------
TBD1 | PKM-SS-Cert | [RFC-zorn-radius-pkmv1-04]
TBD2 | PKM-CA-Cert | [RFC-zorn-radius-pkmv1-04]
TBD3 | PKM-Config-Settings | [RFC-zorn-radius-pkmv1-04]
TBD4 | PKM-Cryptosuite-List | [RFC-zorn-radius-pkmv1-04]
TBD5 | PKM-SAID | [RFC-zorn-radius-pkmv1-04]
TBD6 | PKM-SA-Descriptor | [RFC-zorn-radius-pkmv1-04]
TBD7 | PKM-Auth-Key | [RFC-zorn-radius-pkmv1-04]

We understand the above to be the only IANA Action for this document.
2009-08-03
12 Sam Weiler Request for Last Call review by SECDIR is assigned to Donald Eastlake
2009-08-03
12 Sam Weiler Request for Last Call review by SECDIR is assigned to Donald Eastlake
2009-07-28
05 (System) New version available: draft-zorn-radius-pkmv1-05.txt
2009-07-22
12 Amy Vezza Last call sent
2009-07-22
12 Amy Vezza State Changes to In Last Call from Last Call Requested by Amy Vezza
2009-07-22
12 Dan Romascanu State Changes to Last Call Requested from Publication Requested by Dan Romascanu
2009-07-22
12 Dan Romascanu Last Call was requested by Dan Romascanu
2009-07-22
12 (System) Ballot writeup text was added
2009-07-22
12 (System) Last call text was added
2009-07-22
12 (System) Ballot approval text was added
2009-06-24
12 Dan Romascanu
PROTO write-up by Glen Zorn:

  (1.a)  Who is the Document Shepherd for this document?  Has the
      Document Shepherd personally reviewed this …
PROTO write-up by Glen Zorn:

  (1.a)  Who is the Document Shepherd for this document?  Has the
      Document Shepherd personally reviewed this version of the document
      and, in particular, does he or she believe this version is ready
      for forwarding to the IESG for publication?
Glen Zorn is the Document Shepherd; he has personally reviewed this version of the document and believes that this version is ready for forwarding to the IESG for publication.

  (1.b)  Has the document had adequate review both from key members of
      the interested community and others?  Does the Document Shepherd
      have any concerns about the depth or breadth of the reviews that
      have been performed?
The document has been reviewed by interested parties in the IETF radext WG and by both the WiMAX Forum NWG Security Team (attached) and the IEEE 802.16 Working Group (http://ieee802.org/16/liaison/docs/L80216-08_069r1.pdf).  The Document Shepherd has no concerns about the quality of the reviews.

  (1.c)  Does the Document Shepherd have concerns that the document
      needs more review from a particular or broader perspective, e.g.,
      security, operational complexity, someone familiar with AAA,
      internationalization or XML?
No.

  (1.d)  Does the Document Shepherd have any specific concerns or
      issues with this document that the Responsible Area Director
      and/or the IESG should be aware of?  For example, perhaps he or
      she is uncomfortable with certain parts of the document, or has
      concerns whether there really is a need for it.  In any event, if
      the interested community has discussed those issues and has
      indicated that it still wishes to advance the document, detail
      those concerns here.
No concerns.

  (1.e)  How solid is the consensus of the interested community behind
      this document?  Does it represent the strong concurrence of a few
      individuals, with others being silent, or does the interested
      community as a whole understand and agree with it?
The interested community may be divided into two constituencies: the standards community and the community consisting of those people and organizations implementing and deploying systems based upon fixed (as opposed to mobile) WiMAX (802.16-2004).  Outside the IETF, the standards community (including the IEEE 802.16 WG and the WiMAX Forum) seems to have moved on to the undeniably more glamorous (and hopefully, greener) pastures of mobile WiMAX but they have voiced no objection to this work.  On the other hand, this specification was developed at the request of implementers and in fact the first implementation was running before the -00 version of the draft was published; implementations of the draft have been deployed (using attributes drawn from the Experimental RADIUS Attribute namespace) in Africa and Southeast Asia.  This would seem to indicate strong support for the draft from that community.  Within the IETF, no objections have been raised to the publication of the document as an Informational RFC.


  (1.f)  Has anyone threatened an appeal or otherwise indicated extreme
      discontent?  If so, please summarize the areas of conflict in
      separate email messages to the Responsible Area Director.  (It
      should be in a separate email because this questionnaire is
      entered into the ID Tracker.)
No.

  (1.g)  Has the Document Shepherd personally verified that the
      document satisfies all ID nits?  (See
      http://www.ietf.org/ID-Checklist.html and
      http://tools.ietf.org/tools/idnits/).  Boilerplate checks are not
      enough; this check needs to be thorough.  Has the document met all
      formal review criteria it needs to, such as the MIB Doctor, media
      type and URI type reviews?
The idnits tool (http://tools.ietf.org/tools/idnits/idnits.pyht produces no errors or warnings and only one comment (about the obsolete reference, see below).

  (1.h)  Has the document split its references into normative and
      informative?  Are there normative references to documents that are
      not ready for advancement or are otherwise in an unclear state?
      If such normative references exist, what is the strategy for their
      completion?  Are there normative references that are downward
      references, as described in [RFC3967]?  If so, list these downward
      references to support the Area Director in the Last Call procedure
      for them [RFC3967].
All the references are correct; there is one intentionally obsolete reference (to RFC 2459), which is present to preserve alignment with the IEEE 802.16-2004 standard.

  (1.i)  Has the Document Shepherd verified that the document IANA
      consideration section exists and is consistent with the body of
      the document?  If the document specifies protocol extensions, are
      reservations requested in appropriate IANA registries?  Are the
      IANA registries clearly identified?  If the document creates a new
      registry, does it define the proposed initial contents of the
      registry and an allocation procedure for future registrations?
      Does it suggested a reasonable name for the new registry?  See
      [I-D.narten-iana-considerations-rfc2434bis].  If the document
      describes an Expert Review process has Shepherd conferred with the
      Responsible Area Director so that the IESG can appoint the needed
      Expert during the IESG Evaluation?
The IANA Considerations section is present and complete.

  (1.j)  Has the Document Shepherd verified that sections of the
      document that are written in a formal language, such as XML code,
      BNF rules, MIB definitions, etc., validate correctly in an
      automated checker?
N/A.

  (1.k)  The IESG approval announcement includes a Document
      Announcement Write-Up.  Please provide such a Document
      Announcement Writeup?  Recent examples can be found in the
      "Action" announcements for approved documents.  The approval
      announcement contains the following sections:

      Technical Summary

        This document defines a set of RADIUS Attributes which are designed
        to provide RADIUS support for IEEE 802.16 Privacy Key Management
        Version 1.

      Working Group Summary

        This document is not the product of an IETF Working Group.

      Document Quality

        There are at least two independent implementations of this draft; in
        addition, it has been reviewed by interested parties in the IETF radext WG 
        and by both the WiMAX Forum NWG Security Team and the IEEE 802.16 Working
        Group.  Special mention should be given to Alfred Hoenes for
        his excellent independent review.
2009-06-24
12 Dan Romascanu Draft Added by Dan Romascanu in state Publication Requested
2009-06-24
04 (System) New version available: draft-zorn-radius-pkmv1-04.txt
2009-06-20
12 (System) Document has expired
2008-12-17
03 (System) New version available: draft-zorn-radius-pkmv1-03.txt
2008-11-26
02 (System) New version available: draft-zorn-radius-pkmv1-02.txt
2008-10-18
01 (System) New version available: draft-zorn-radius-pkmv1-01.txt
2008-10-17
00 (System) New version available: draft-zorn-radius-pkmv1-00.txt