Skip to main content

DHCP Options for Protocol for Carrying Authentication for Network Access (PANA) Authentication Agents
RFC 5192

Yes

(Jari Arkko)

No Objection

Lars Eggert
(Bill Fenner)
(Brian Carpenter)
(Cullen Jennings)
(Dan Romascanu)
(David Kessens)
(Jon Peterson)
(Lisa Dusseault)
(Ross Callon)
(Ted Hardie)

Abstain

(Sam Hartman)

Note: This ballot was opened for revision 05 and is now closed.

Lars Eggert No Objection

(Jari Arkko; former steering group member) Yes

Yes ()

                            

(Bill Fenner; former steering group member) No Objection

No Objection ()

                            

(Brian Carpenter; former steering group member) No Objection

No Objection ()

                            

(Cullen Jennings; former steering group member) No Objection

No Objection ()

                            

(Dan Romascanu; former steering group member) No Objection

No Objection ()

                            

(David Kessens; former steering group member) No Objection

No Objection ()

                            

(Jon Peterson; former steering group member) No Objection

No Objection ()

                            

(Lisa Dusseault; former steering group member) No Objection

No Objection ()

                            

(Mark Townsley; former steering group member) No Objection

No Objection (2007-01-09)
>       PANA Authentication Agent (PAA):
>
>          The protocol entity in the access network whose responsibility
>          is to verify the credentials provided by a PANA client (PaC)
>          and authorize network access to the device associated with the
>          client and identified by a Device Identifier (DI).

The latest version of draft-ietf-pana-pana removed "Device Identifier" 
from the protocol. The definition of PAA should be updated accordingly. Perhaps a cut and paste from draft-ietf-pana-pana-13.txt

>
> 7.  Security Considerations
>
>    The security considerations in [RFC2131], [RFC2132] and [RFC3315]
>    apply.  If an adversary manages to modify the response from a DHCP
>    server or insert its own response, a PANA Client could be led to
>    contact a rogue PANA Authentication Agent, possibly one that then
>    intercepts call requests or denies service.

"Call requests"?? I don't think this is a PANA, EAP or DHCP term.

>
>    In most of the networks, the DHCP exchange that delivers the options

s/the networks/networks

>    thank also Jari Arkko, Thomas Norten, Bernard Aboba that provided

s/Norten/Narten

(Ross Callon; former steering group member) No Objection

No Objection ()

                            

(Ted Hardie; former steering group member) No Objection

No Objection ()

                            

(Russ Housley; former steering group member) Abstain

Abstain (2007-01-11)
  As far as I can tell, the issues that were raised about PANA in Last
  Call have not been fully sorted out.  I do not think we should be
  assigning DHCP options to locate a PANA Authentication Agent until
  we are sure that the PANA protocol itself is going to be approved.

(Sam Hartman; former steering group member) Abstain

Abstain ()