
RE: AAA-doctor review: Documents on Agenda for IESG August 19, 2004 Telechat



Thanks Jari, I am doing some follow up on this.

Bert

> -----Original Message-----
> From: Jari Arkko [mailto:jari.arkko@piuha.net]
> Sent: Tuesday, August 17, 2004 11:02
> To: Wijnen, Bert (Bert)
> Cc: Aaa-Doctors (E-mail)
> Subject: Re: AAA-doctor review: Documents on Agenda for IESG August 19, 2004 Telechat
> 
> 
> 
> I read two of your documents, and they generally seem
> fine. A couple of points or questions really:
> 
> >   o draft-ietf-dhc-subscriber-id-06.txt
> >     DHCP Subscriber ID Suboption for the DHCP Relay Agent 
> Option (Proposed 
> >     Standard) - 6 of 6 
> >     Note: Participant in PROTO Team pilot:. Working Group 
> Chair Followup of 
> >     DISCUSS Comments. 
> >     http://www.ietf.org/internet-drafts/draft-ietf-proto-wgchair-discuss-pilot-01.txt
>     Token: Margaret Wasserman

This document looks good. One question: There seems to be a
growing number of identifiers (client-id etc) for users in
the DHCP space. Is there some rule set to determine which of
the attributes and in which order are used when, say,
determining if the same or different IP address should be
handed to the client? For instance, if the client-id has
changed but the subscriber ID stays the same, what do you
do? Or is this all left to policy?

>   o draft-ietf-capwap-problem-statement-01.txt
>     CAPWAP Problem Statement (Informational) - 6 of 6 

This document is very good. One additional item that
could perhaps be discussed in the security considerations
section is related to problem #4, securing a distributed
set of access points. I think problem #4 implies that
people want to move some of the tasks of the APs to the
controller so that the compromise of an access point would
not compromise, say, a RADIUS shared secret or perhaps
not even some of the keys used to protect the link layer.
Security considerations does not point this out. It
does say something about looking into physical security,
but perhaps it could be expanded into that as well as
the assignment of security parameters to the different
parts of the system.

--Jari