Skip to main content

Pre-Authentication Support for the Protocol for Carrying Authentication for Network Access (PANA)
RFC 5873

Revision differences

Document history

Date Rev. By Action
2015-10-14
09 (System) Notify list changed from pana-chairs@ietf.org, draft-ietf-pana-preauth@ietf.org to pana-chairs@ietf.org
2012-08-22
09 (System) post-migration administrative database adjustment to the No Objection position for Pasi Eronen
2012-08-22
09 (System) post-migration administrative database adjustment to the No Objection position for Magnus Westerlund
2010-05-17
09 Amy Vezza State Changes to RFC Published from RFC Ed Queue by Amy Vezza
2010-05-17
09 Amy Vezza [Note]: 'RFC 5873' added by Amy Vezza
2010-05-14
09 (System) RFC published
2010-03-18
09 (System) IANA Action state changed to RFC-Ed-Ack from Waiting on RFC Editor
2010-03-18
09 (System) IANA Action state changed to Waiting on RFC Editor from In Progress
2010-03-18
09 (System) IANA Action state changed to In Progress from Waiting on Authors
2010-03-18
09 (System) IANA Action state changed to Waiting on Authors from In Progress
2010-03-15
09 Cindy Morgan State Changes to RFC Ed Queue from Approved-announcement sent by Cindy Morgan
2010-03-15
09 (System) IANA Action state changed to In Progress
2010-03-15
09 Amy Vezza IESG state changed to Approved-announcement sent
2010-03-15
09 Amy Vezza IESG has approved the document
2010-03-15
09 Amy Vezza Closed "Approve" ballot
2010-03-12
09 (System) Removed from agenda for telechat - 2010-03-11
2010-03-11
09 Cindy Morgan State Changes to Approved-announcement to be sent from IESG Evaluation::External Party by Cindy Morgan
2010-03-11
09 Magnus Westerlund [Ballot Position Update] Position for Magnus Westerlund has been changed to No Objection from Discuss by Magnus Westerlund
2010-03-11
09 Tim Polk [Ballot Position Update] New position, No Objection, has been recorded by Tim Polk
2010-02-25
09 Jari Arkko Placed on agenda for telechat - 2010-03-11 by Jari Arkko
2010-02-25
09 Jari Arkko State Changes to IESG Evaluation::External Party from IESG Evaluation::AD Followup by Jari Arkko
2010-02-25
09 Jari Arkko waiting for draft-arkko-pana-iana to complete
2010-02-10
09 Pasi Eronen [Ballot Position Update] Position for Pasi Eronen has been changed to No Objection from Discuss by Pasi Eronen
2010-02-09
09 (System) Sub state has been changed to AD Follow up from New Id Needed
2010-02-09
09 (System) New version available: draft-ietf-pana-preauth-09.txt
2010-01-21
09 Samuel Weiler Request for Last Call review by SECDIR Completed. Reviewer: Joseph Salowey.
2010-01-21
09 Cindy Morgan State Changes to IESG Evaluation::Revised ID Needed from IESG Evaluation by Cindy Morgan
2010-01-21
09 Magnus Westerlund
[Ballot discuss]
RFC 5191 says the following:

10.2.2.  Flags

  There are 16 bits in the Flags field of the PANA message header.
  This …
[Ballot discuss]
RFC 5191 says the following:

10.2.2.  Flags

  There are 16 bits in the Flags field of the PANA message header.
  This document assigns bit 0 ('R'), 1 ('S'), 2 ('C'), 3 ('A'), 4
  ('P'), and 5 ('I') in Section 6.2.  The remaining bits MUST only be
  assigned via a Standards Action [IANA].

So to my understanding this document can not be published as an experimental and get the E bit assigned.
2010-01-21
09 Magnus Westerlund [Ballot Position Update] New position, Discuss, has been recorded by Magnus Westerlund
2010-01-21
09 Pasi Eronen
[Ballot discuss]
I have reviewed draft-ietf-pana-preauth-08, and have couple of
questions that probably need some clarification in the document:

- How does pre-authentication interact …
[Ballot discuss]
I have reviewed draft-ietf-pana-preauth-08, and have couple of
questions that probably need some clarification in the document:

- How does pre-authentication interact with the IP Reconfiguration
and the 'I' bit? (E.g., when the CPAA becomes the SPAA, can it tell
the PaC to do IP reconfiguration?)

- PANA can be used with non-key-generating EAP methods; however, it
seems pre-authentication requires a PANA SA? (since otherwise there
would be nothing to securely link the PNR/PNA exchange to the
earlier authentication)
2010-01-21
09 Pasi Eronen
[Ballot discuss]
I have reviewed draft-ietf-pana-preauth-08, and have couple of
questions that probably need some clarification in the document:

- How does pre-authentication interact …
[Ballot discuss]
I have reviewed draft-ietf-pana-preauth-08, and have couple of
questions that probably need some clarification in the document:

- How does pre-authentication interact with the IP Reconfiguration
and the 'I' bit? (E.g., when the CPAA becomes the SPAA, can it tell
the PaC to do IP reconfiguration?)

- PANA can be used with non-key-generating EAP methods; however, it
seems pre-authentication really cannot? (since there would be nothing
to securely link the PNR/PNA exchange to the earlier authentication)
2010-01-21
09 Pasi Eronen [Ballot Position Update] New position, Discuss, has been recorded by Pasi Eronen
2010-01-20
09 Cullen Jennings [Ballot Position Update] New position, No Objection, has been recorded by Cullen Jennings
2010-01-20
09 Adrian Farrel [Ballot Position Update] New position, No Objection, has been recorded by Adrian Farrel
2010-01-20
09 Robert Sparks [Ballot Position Update] New position, No Objection, has been recorded by Robert Sparks
2010-01-19
09 Ralph Droms [Ballot Position Update] New position, No Objection, has been recorded by Ralph Droms
2010-01-19
09 Ralph Droms
[Ballot comment]
In section 6, I'm not clear what "authorized PaCs" are in this sentence:

  It is recommended that the authorized PaCs are limited …
[Ballot comment]
In section 6, I'm not clear what "authorized PaCs" are in this sentence:

  It is recommended that the authorized PaCs are limited to well-known
  IP networks for a given PAA.
2010-01-19
09 Lars Eggert [Ballot Position Update] New position, No Objection, has been recorded by Lars Eggert
2010-01-18
09 Russ Housley [Ballot Position Update] New position, No Objection, has been recorded by Russ Housley
2010-01-18
09 Ron Bonica [Ballot Position Update] New position, No Objection, has been recorded by Ron Bonica
2010-01-16
09 Alexey Melnikov [Ballot Position Update] New position, No Objection, has been recorded by Alexey Melnikov
2010-01-15
09 Jari Arkko State Changes to IESG Evaluation from Waiting for AD Go-Ahead by Jari Arkko
2010-01-15
09 Jari Arkko Note field has been cleared by Jari Arkko
2010-01-12
09 (System) State has been changed to Waiting for AD Go-Ahead from In Last Call by system
2010-01-07
09 Amanda Baber
IANA comments:

Upon approval of this document, IANA will make the following
assignment in the "Message Flags" registry at
http://www.iana.org/assignments/pana-parameters/pana-parameters.xhtml

Bit Code Description Reference
--- …
IANA comments:

Upon approval of this document, IANA will make the following
assignment in the "Message Flags" registry at
http://www.iana.org/assignments/pana-parameters/pana-parameters.xhtml

Bit Code Description Reference
--- ---- ------------------ --------------------
6 E prE-authentication [RFC-pana-preauth-08]
2009-12-18
09 Samuel Weiler Request for Last Call review by SECDIR is assigned to Joseph Salowey
2009-12-18
09 Samuel Weiler Request for Last Call review by SECDIR is assigned to Joseph Salowey
2009-12-15
09 Amy Vezza Last call sent
2009-12-15
09 Amy Vezza State Changes to In Last Call from Last Call Requested by Amy Vezza
2009-12-15
09 Jari Arkko Placed on agenda for telechat - 2010-01-21 by Jari Arkko
2009-12-15
09 Jari Arkko State Changes to Last Call Requested from AD Evaluation::AD Followup by Jari Arkko
2009-12-15
09 Jari Arkko Last Call was requested by Jari Arkko
2009-12-15
09 Jari Arkko [Ballot Position Update] New position, Yes, has been recorded for Jari Arkko
2009-12-15
09 Jari Arkko Ballot has been issued by Jari Arkko
2009-12-15
09 Jari Arkko Created "Approve" ballot
2009-12-15
09 (System) Ballot writeup text was added
2009-12-15
09 (System) Last call text was added
2009-12-15
09 (System) Ballot approval text was added
2009-12-15
09 Jari Arkko new version looks OK
2009-12-14
09 (System) Sub state has been changed to AD Follow up from New Id Needed
2009-12-14
08 (System) New version available: draft-ietf-pana-preauth-08.txt
2009-10-27
09 Jari Arkko State Changes to AD Evaluation::Revised ID Needed from AD Evaluation by Jari Arkko
2009-10-27
09 Jari Arkko
I have reviewed this document. The chairs believed that this draft could progress to the IESG, if certain scope reductions would be done and those …
I have reviewed this document. The chairs believed that this draft could progress to the IESG, if certain scope reductions would be done and those are now in effect in -07.

Section 3: you should make it clear at the beginning what you expect as the output of the discovery process. I believe you are expecting an IP address of the PAA. Similarly, you should state that the PANA exchange happens between the client and the CPAA (and not, for instance, somehow proxied via SPAA).

The security considerations section seems thin. I'm sure there are more aspects to consider. For instance, what about DoS attacks where an evil client creates unnecessary state in a large number of networks? What about opening firewalls up for PANA traffic from the Internet -- it would seem that at the very least, there's an issue of fraudulent clients attempting to start EAP negotiations, creating partial session entries in PANA, AAA, and EAP state machines.

802.21 is mentioned to be the default discovery mechanism. But the text that says this is very thin on how 802.21 should be used. And the reference is informative. Maybe there's a part of 802.21 that explains exactly how to do it and what attributes are used. But I doubt it. Perhaps it would be better to not claim that 802.21 is the default mechanism.

Overall, I think this draft is reasonably simple and can move forward. However, given that we have no real specification of the discovery phase, and given the general lack of wide-spread working group interest, I'd say Experimental extension is the right classification.
2009-10-27
09 Jari Arkko State Changes to AD Evaluation from Publication Requested by Jari Arkko
2009-10-27
09 Jari Arkko Draft Added by Jari Arkko in state Publication Requested
2009-10-11
07 (System) New version available: draft-ietf-pana-preauth-07.txt
2009-06-27
06 (System) New version available: draft-ietf-pana-preauth-06.txt
2009-04-13
05 (System) New version available: draft-ietf-pana-preauth-05.txt
2008-12-03
04 (System) New version available: draft-ietf-pana-preauth-04.txt
2008-10-24
03 (System) New version available: draft-ietf-pana-preauth-03.txt
2007-11-18
02 (System) New version available: draft-ietf-pana-preauth-02.txt
2006-03-16
(System) Posted related IPR disclosure: Toshiba America Research, Inc.'s Statement regardfing IPR claimed in draft-ietf-pana-preauth-01
2006-03-07
01 (System) New version available: draft-ietf-pana-preauth-01.txt
2005-10-14
00 (System) New version available: draft-ietf-pana-preauth-00.txt