DHCP Options for Protocol for Carrying Authentication for Network Access (PANA) Authentication Agents
RFC 5192
Yes
No Objection
Abstain
Note: This ballot was opened for revision 05 and is now closed.
Lars Eggert No Objection
(Jari Arkko; former steering group member) Yes
(Bill Fenner; former steering group member) No Objection
(Brian Carpenter; former steering group member) No Objection
(Cullen Jennings; former steering group member) No Objection
(Dan Romascanu; former steering group member) No Objection
(David Kessens; former steering group member) No Objection
(Jon Peterson; former steering group member) No Objection
(Lisa Dusseault; former steering group member) No Objection
(Mark Townsley; former steering group member) No Objection
> PANA Authentication Agent (PAA): > > The protocol entity in the access network whose responsibility > is to verify the credentials provided by a PANA client (PaC) > and authorize network access to the device associated with the > client and identified by a Device Identifier (DI). The latest version of draft-ietf-pana-pana removed "Device Identifier" from the protocol. The definition of PAA should be updated accordingly. Perhaps a cut and paste from draft-ietf-pana-pana-13.txt > > 7. Security Considerations > > The security considerations in [RFC2131], [RFC2132] and [RFC3315] > apply. If an adversary manages to modify the response from a DHCP > server or insert its own response, a PANA Client could be led to > contact a rogue PANA Authentication Agent, possibly one that then > intercepts call requests or denies service. "Call requests"?? I don't think this is a PANA, EAP or DHCP term. > > In most of the networks, the DHCP exchange that delivers the options s/the networks/networks > thank also Jari Arkko, Thomas Norten, Bernard Aboba that provided s/Norten/Narten
(Ross Callon; former steering group member) No Objection
(Ted Hardie; former steering group member) No Objection
(Russ Housley; former steering group member) Abstain
As far as I can tell, the issues that were raised about PANA in Last Call have not been fully sorted out. I do not think we should be assigning DHCP options to locate a PANA Authentication Agent until we are sure that the PANA protocol itself is going to be approved.
(Sam Hartman; former steering group member) Abstain