Issues to Consider w.r.t Protocol Solution - IETF54 -

Goal
• Identify issues early enough to provide feedback to requirements
• Kick-start solution discussions
• Not to design the solution now!

PANA WG, IETF 54, Solution Issues

UDP/ICMP/IP?
• What would PANA be based on to encapsulate EAP?
  • UDP
  • ICMP
  • IP
  • ?

Session Hijacking
• How do we prevent session hijacking?
  • Per-packet authentication by IPsec
  • Per-packet authentication by L2 where available
  • Frequent re-authentication of PaC

PAA Discovery
• How does the PaC discover the PAA?
  • Sending a multicast packet to a well-known address
  • Anycast
  • SLP
  • Piggybacking on router discovery, DHCP
  • PAA can contact PaC (i.e., PaC discovery, supplemental)

Heartbeat
• What would be the heartbeat mechanism of PANA?
  • PANA Hello/Bye messages
  • Ping (ICMP echo request/reply)
  • Local re-authentication
  • Full re-authentication

Limited Free Access
• How will PANA be triggered when PaC attempts to access beyond “free zone”?
  • PAA (router) sends an ICMP error message to PaC
  • PAA sends PANA Start message to PaC
  • Can PaC know on its own to send PANA Start?

Unlimited Access
• After a successful PANA authentication, how does the PaC gain unlimited access?
  • EP updates its filters to let any packet from the PaC go through

New IP Address after PANA
• Reasons to get new IP address:
  • Another IP address with greater scope (e.g., global scope)
  • Obtain service provider specific IP address
• If a new IP address needs to be assigned to PaC, how is this done?
  • PaC’s decision (policy)
  • PANA Success message can inform PaC
  • Router (co-located with PAA) can take an action

Secure Medium Assumption
• EAP’s secure medium assumption is no longer valid. How can we ensure protection against eavesdropping and spoofing on PANA?
  • PANA can recommend use of specific EAP methods when the underlying medium is not secure (e.g., EAP-TTLS, PEAP)
  • PANA develops its own protection (e.g., ISAKMP, TLS based)

Multi-PAA Case
• If there are multiple first-hop routers, how does PANA work?
  • Each router has a PAA and responds to discovery, and PaC does PANA with all
  • Each router has a PAA, each PAA responds to discovery, and PaC does PANA with one
  • Only one router has PAA

Any other?