
Re: AAA-doctor review: Documents on Agenda for IESG August 19, 2004 Telechat




I read two of your documents, and they generally seem fine. A couple of points or questions really:

o draft-ietf-dhc-subscriber-id-06.txt
DHCP Subscriber ID Suboption for the DHCP Relay Agent Option (Proposed Standard) - 6 of 6
Note: Participant in PROTO Team pilot: Working Group Chair Followup of DISCUSS Comments. http://www.ietf.org/internet-drafts/draft-ietf-proto-wgchair-discuss-pilot-01.txt
Token: Margaret Wasserman

This document looks good. One question: There seems to be a growing number of identifiers (client-id etc) for users in the DHCP space. Is there some rule set to determine which of the attributes and in which order are used when, say, determining if the same or different IP address should be handed to the client? For instance, if the client-id has changed but the subscriber ID stays the same, what do you do? Or is this all left to policy?

o draft-ietf-capwap-problem-statement-01.txt
CAPWAP Problem Statement (Informational) - 6 of 6

This document is very good. One additional item that could perhaps be discussed in the security considerations section is related to problem #4, securing a distributed set of access points. I think problem #4 implies that people want to move some of the tasks of the APs to the controller so that the compromise of an access point would not compromise, say, a RADIUS shared secret or perhaps not even some of the keys used to protect the link layer. Security considerations does not point this out. It does say something about looking into physical security, but perhaps it could be expanded into that as well as the assignment of security parameters to the different parts of the system.

--Jari