David Black's Gen-Art review feedback.
----- Forwarded message from [EMAIL PROTECTED] -----
From: [EMAIL PROTECTED]
Subject: Gen-ART review of draft-ietf-pana-framework-08.txt
To: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED],
[EMAIL PROTECTED], [EMAIL PROTECTED],
[EMAIL PROTECTED]
Cc: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED]
I have been selected as the General Area Review Team (Gen-ART)
reviewer for this draft (for background on Gen-ART, please see
http://www.alvestrand.no/ietf/gen/art/gen-art-FAQ.html).
Please resolve these comments along with any other Last Call comments
you may receive.
Document: draft-ietf-pana-framework-08.txt
Reviewer: David L. Black
Review Date: June 4, 2007
IETF LC End Date: June 7, 2007
Summary:
This draft is on the right track but has open issues, described
in the review.
Comments:
This draft has changed significantly since its -06 version that
I previously reviewed for Gen-ART. Sections 5-10 of the -06 draft
have been removed, resulting in a considerably higher level -08
document that is appropriate to publish as Informational (my
previous review of -06 had expressed a concern about whether it
should be standards track instead of informational). Much of
my previous Gen-ART review concerned portions of the -06 draft
that have been removed:
http://www.alvestrand.no/ietf/gen/reviews/draft-ietf-pana-framework-06-black.txt
The following points from that review of -06 have not been addressed:
Section 3 could use a discussion about the relationship of the
access network to the network that PANA controls access to.
Figure 1 ought to show the latter (accessed) network as connected
to the EP, and a two-cloud ASCII diagram would be very useful.
Among other things, this would make it clear that the access
network is in general a shared access network.
Section 4 talks about authentication at two levels - the lower
level (link native or IPsec) and EAP over PANA. It needs to
describe the recommended or required relationships between the
identities used for these authentications. If there is no
relationship, there is a potential vulnerability (particularly
in the IPsec scenario) to a man-in-the-middle attack where the
secure channel ends are not at the PaC and EP.
The latter concern needs to be noted in the Security Considerations
section, even if it is addressed elsewhere - the solution need
not be in this draft, but the identity correspondence problem
is an aspect of the PANA framework and needs to be noted as a
security consideration.
Thanks,
--David
----------------------------------------------------
David L. Black, Senior Technologist
EMC Corporation, 176 South St., Hopkinton, MA 01748
+1 (508) 293-7953 FAX: +1 (508) 293-7786
[EMAIL PROTECTED] Mobile: +1 (978) 394-7754
----------------------------------------------------
----- End forwarded message -----