1 DHCP Authentication Discussion INTAREA meeting, 70th IETF Vancouver, Canada Jari Arkko and Ralph Droms.

Presentation transcript:

1 DHCP Authentication Discussion INTAREA meeting, 70th IETF Vancouver, Canada Jari Arkko and Ralph Droms

2 Outline
Introduction and background
DSL community needs & proposal (Ric)
Summary of discussion and analysis
Discussion

3 Introduction and Background
Moving away from PPPoE in DSL
But still keeping some of the business models and infrastructure
DSL Forum liaison to IETF (Jul & Oct)
A number of different potential approaches (802.1X, PANA, DHCP,...)
Considering DHC recharter
Other SDOs and extensions

4 The Desired Outcome of Discussion
Present the proposal on the table
Discuss the architectural and protocol implications
Sense of the room on the direction:
  – Yes/No for doing DHCP work on this
  – Maybe also guidance on alternatives (if no) and details (if yes)
Decisions on list

5 Content
Issues to think about
Requirements from an IETF perspective
Way Forward

6 Issues to Think About (1/2)
Moving away from PPPoE is good
Freedom to carry your CPE device to a location of your choosing is good
IETF specification of extensions in this space is good, as opposed to vendor specific solutions
Multi-SDO coordination can be fun

7 Issues to Think About (2/2)
Potential solutions
  – Layer 2 solutions (IEEE liaison)
  – IP layer network access control solutions (PANA)
  – Subscriber authentication in DHCP with either CHAP or EAP
DHCP drafts are in very early stages
  – Need significant work
  – Not here to discuss details – focus on architectural impact of doing something in a particular way
Solutions cannot be evaluated merely by their e2e behaviour
  – The architecture at the home site matters (CPE vs. hosts)
  – Ability of the network in between to deal with the required signalling (1X, PANA, DHCP)
  – Future developments matter (IPv6, other updates, etc.)

8 Challenges in DHCP Solutions (1/2)
Securing the DHCP transaction vs. using DHCP for access control
  – Preventing configuration does not prevent access if manual configuration is possible
  – Access to link vs. beyond the link
A DHCP-based solution does not work with hosts that employ stateless IPv6
Server vs. relay responding to messages

9 Challenges in DHCP Solutions (2/2)
Retransmission responsibility on the client vs. server side
CHAP vs. EAP
A number of other issues from the list:
  – MTU issues, OFFER vs. ACK, key binding, session ids,...

10 Acceptable Solution Requirements
MUST solve the detailed technical issues
MUST NOT place requirements on hosts:
  – Requiring hosts to support DHCP AUTH
  – Requiring all IPv6 hosts to support DHCPv6
MUST handle both IPv4 and IPv6
MUST be able to deal with backwards compatibility issues & fit the state machine
MUST accurately describe the limitations and applicability of the solution
MUST conform to existing DHCP RFCs

11 Way Forward
Discussion now
Sense of the room on the direction:
  – Yes/No for doing DHCP work on this
  – Maybe also guidance on alternatives (if no) and details (if yes)
Consensus call on the list
If a DHCP-based approach is chosen, revise draft and recharter DHC WG to include this effort
If not, we will ask DSL Forum to think about other solutions (such as 802.1X)

12 Background Material Slides

13 Current status and analysis
DSLF liaison statements have been discussed on int-area mailing list: www1.ietf.org/mail-archive/web/int-area/current/
  – Initial question: msg00957.html
  – Followup: msg01171.html
  – Followup: msg01215.html
Discussion has not demonstrated rough consensus either to accept or to reject the DSLF liaison statement request to develop extensions to DHCP
Some detailed reviews of the specific proposal
  – Arkko: msg01245.html
  – Aboba: msg01257.html

14 Liaison Statement 2
"At this time, we would like to make the IETF aware that during our most recent DSL Forum quarterly meeting, the Architecture and Transport Working Group agreed to seriously consider adopting a mechanism such as that proposed in draft-pruss-dhcp-auth-dsl-01.txt or draft-zhao-dhc-user-authentication-02. We understand that the authors of these specifications intend to produce a combined document soon. The DSL Forum formally requests that the IETF adopt this as a work item, and would appreciate being advised of progress as soon as possible."
Combined draft: draft-pruss-dhcp-auth-dsl-02.txt

15 Questions We Asked When the Liaison Was Received
How do we feel about this [request]?
Is this a good idea, considering the DSL architecture?
How will it affect DHCP the protocol?
How would you go about making DHCP extensions so that they work best for all possible environments and not just DSL?
Is anyone already working on the combined draft promised above?
Are there any other choices that we should recommend instead?
I would like to hold the discussion on this [request] in [the int-area] list until we've determined that the DHCP protocol is the right tool for the job.

16 Other
Draft-iab-ip-config by Aboba and Thaler
Slides from Dave Thaler's DHC WG presentation in IETF-68
There is an IPR declaration on draft-pruss