Presentation is loading. Please wait.

Presentation is loading. Please wait.

Qin Wu Zhen Cao Yang Shi Baohong He

Published byMark van der Wolf Modified over 5 years ago

Similar presentations

Presentation on theme: "Qin Wu Zhen Cao Yang Shi Baohong He"— Presentation transcript:

1 Qin Wu Zhen Cao Yang Shi Baohong He
EAP Extensions for EAP Re-authentication Protocol draft-ietf-hokey-rfc5296bis-02 Qin Wu Zhen Cao Yang Shi Baohong He 2019/8/6 AVT IETF 80 Prague

2 Outline History Changes Issues Moving Forwarding 2019/8/6
Being Adopted after IETF 79, Beijing 00 version WG draft submitted before IETF 80, Prague Remaining issues waiting for being addressed How FEC is taken into account in this draft how Distribution source in the SSM case react to different reports 2019/8/6 AVT IETF 80 Prague

3 History “Submit a revision of RFC 5296 ” is an Hokey goal for July 2010 Glen Zorn wrote the initial draft for this document and provided useful reviews. The version 02 is submitted before this meeting. Address some remaining issues discussed in the last meeting 2019/8/6 AVT IETF 80 Prague

4 Changes since previous versions
Change using MAY in section to using SHOULD. Mandate sending the EAP-Initiate/Re-auth-Start message instead of optional Update obsolete reference RFC4306 into RFC5996 Allow local server respond to the peer directly without forwarding the ERP message to the home domain 2019/8/6 AVT IETF 80 Prague

5 Issue – simplify bootstrapping
Deprecate the flag ‘B’ Pro: In implicit bootstrapping, ‘B’ flag is useless since peer will not send out ERP message; In Explicit bootstrapping, ‘B’ flag can be used to trigger local ER server go back to home domain. Con: In both above cases, local ER server can decide if forward ERP message to the home domain according to if the local server has keying materials for the peer. Mandate including both the name of the home domain and one of the local domain in ERP requests the local ER server decide if respond directly to the peer by comparing the domain name in the request with its own domain name Need to assign two new TLVs to carry both home domain and local domain. the local ER server decide if respond directly to the peer by comparing the realm part of keyName-NAI with its own domain name. 2019/8/6 AVT IETF 80 Prague

6 Issue-May vs Should in RFC5296bis
RFC 5296 uses "SHOULD" several times in section 5.2 (2nd, 3rd paragraph) but uses "MAY" in section about if the authenticator MAY/SHOULD send a EAP-Initiate/Re-Auth-Start message when a new peer appears. Suggestions Mandate sending EAP-Initiate/Re-Auth-Start from authenticator But allow the peer send EAP-Initiate without waiting for Re-Auth-Start. 2019/8/6 AVT IETF 80 Prague

7 Issue-Remove local and home distinction
Pro In EAP, there is no concept of domain involved In ERP, we add one entity: the ER server. This entity is inserted "between" the authenticator and the backend authentication server. Also add a new capability to derive key hierarchies called as ERKS Then we have now the following logical entities: peer <--> authenticator <--> ER server <--> ERKS <--> EAP server. Con Domain concept comes from AAA infrastructure If we consider roaming or handover across AAA domain, we should differentiate concept between local and home. If we limit scenario to handover within one AAA domain, then we do not need to distinct local and home. Bootstrapping means each mobile use should download its user profile or other subscriber information from its home domain. 2019/8/6 AVT IETF 80 Prague

8 Moving Forward Any other issues?
Encourage more review of draft and early feedback 2019/8/6 AVT IETF 80 Prague

Download ppt "Qin Wu Zhen Cao Yang Shi Baohong He"

Similar presentations

Benoit Lourdelet Wojciech Dec Behcet Sarikaya Glen Zorn July 2009 IPv6 RADIUS attributes for IPv6 access networks IETF-75

Benoit Lourdelet Wojciech Dec Behcet Sarikaya Glen Zorn July 2009 IPv6 RADIUS attributes for IPv6 access networks IETF-75
EAP Channel Bindings Charles Clancy Katrin Hoeper IETF 76 Hiroshima, Japan November 08-13, 2009.

EAP Channel Bindings Charles Clancy Katrin Hoeper IETF 76 Hiroshima, Japan November 08-13, 2009.
ERP for IKEv2 draft-nir-ipsecme-erx-01. Why ERP for IKEv2? RFC 5296 and the bis document define a quick re- authentication protocol for EAP. ERP requires.

ERP for IKEv2 draft-nir-ipsecme-erx-01. Why ERP for IKEv2? RFC 5296 and the bis document define a quick re- authentication protocol for EAP. ERP requires.
RFC5296BIS CHANGES PROPOSAL Sebastien Decugis. Presentation outline  Quick reminder on ERP (RFC5296)  2 change proposals  Problem description  Solution.

RFC5296BIS CHANGES PROPOSAL Sebastien Decugis. Presentation outline  Quick reminder on ERP (RFC5296)  2 change proposals  Problem description  Solution.
2015-10-17Hokey IETF 81 Quebec1 EAP Extensions for EAP Re- authentication Protocol draft-ietf-hokey-rfc5296bis-04 Qin Wu Zhen Cao Yang Shi Baohong He.

Hokey IETF 81 Quebec1 EAP Extensions for EAP Re- authentication Protocol draft-ietf-hokey-rfc5296bis-04 Qin Wu Zhen Cao Yang Shi Baohong He.
March 15, 2005 IETF #62 Minneapolis1 EAP Discovery draft-adrangi-eap-network-discovery-10.txt Farid Adrangi ( )

March 15, 2005 IETF #62 Minneapolis1 EAP Discovery draft-adrangi-eap-network-discovery-10.txt Farid Adrangi ( )
1 RADIUS Mobile IPv6 Support draft-ietf-mip6-radius-01.txt Kuntal Chowdhury Avi Lior Hannes Tschofenig.

1 RADIUS Mobile IPv6 Support draft-ietf-mip6-radius-01.txt Kuntal Chowdhury Avi Lior Hannes Tschofenig.
EAP Extensions for EAP Re- authentication Protocol (ERP) draft-wu-hokey-rfc5296bis-01 Yang Shi Qin Wu Zhen Cao

EAP Extensions for EAP Re- authentication Protocol (ERP) draft-wu-hokey-rfc5296bis-01 Yang Shi Qin Wu Zhen Cao
AAA and Mobile IPv6 Franck Le AAA WG - IETF55. Why Diameter support for Mobile IPv6? Mobile IPv6 is a routing protocol and does not deal with issues related.

AAA and Mobile IPv6 Franck Le AAA WG - IETF55. Why Diameter support for Mobile IPv6? Mobile IPv6 is a routing protocol and does not deal with issues related.
EAP Extensions for EAP Early Authentication Protocol (EEP) Hao Wang, Yang Shi, Tina Tsou.

EAP Extensions for EAP Early Authentication Protocol (EEP) Hao Wang, Yang Shi, Tina Tsou.
EAP Extensions for EAP Re- authentication Protocol (ERP) draft-wu-hokey-rfc5296bis-01 Glen Zorn Qin Wu Zhen Cao.

EAP Extensions for EAP Re- authentication Protocol (ERP) draft-wu-hokey-rfc5296bis-01 Glen Zorn Qin Wu Zhen Cao.
ERP/AAK support for Inter-AAA realm handover discussion Hao Wang, Tina Tsou, Richard.

ERP/AAK support for Inter-AAA realm handover discussion Hao Wang, Tina Tsou, Richard.
Washinton D.C., November 2004 IETF 61 st – mip6 WG MIPv6 authorization and configuration based on EAP (draft-giaretta-mip6-authorization-eap-02) Gerardo.

Washinton D.C., November 2004 IETF 61 st – mip6 WG MIPv6 authorization and configuration based on EAP (draft-giaretta-mip6-authorization-eap-02) Gerardo.
Diameter SIP Application

Diameter SIP Application
Minneapolis, March 2005 IETF 62 nd – mip6 WG Goals for AAA-HA interface (draft-giaretta-mip6-aaa-ha-goals-00) Gerardo Giaretta Ivano Guardini Elena Demaria.

Minneapolis, March 2005 IETF 62 nd – mip6 WG Goals for AAA-HA interface (draft-giaretta-mip6-aaa-ha-goals-00) Gerardo Giaretta Ivano Guardini Elena Demaria.
Paris, August 2005 IETF 63 rd – mip6 WG Mobile IPv6 bootstrapping in split scenario (draft-ietf-mip6-bootstrapping-split-00) mip6-boot-sol DT Gerardo Giaretta,

Paris, August 2005 IETF 63 rd – mip6 WG Mobile IPv6 bootstrapping in split scenario (draft-ietf-mip6-bootstrapping-split-00) mip6-boot-sol DT Gerardo Giaretta,
MIP6 RADIUS IETF-72 Update draft-ietf-mip6-radius-05.txt A. LiorBridgewater Systems K. ChowdhuryStarent Networks H. Tschofenig Nokia Siemens Networks.

MIP6 RADIUS IETF-72 Update draft-ietf-mip6-radius-05.txt A. LiorBridgewater Systems K. ChowdhuryStarent Networks H. Tschofenig Nokia Siemens Networks.
PMIPv6 multicast handover optimization by the Subscription Information Acquisition through the LMA (SIAL) Luis M. Contreras Telefónica I+D Carlos J. Bernardos.

PMIPv6 multicast handover optimization by the Subscription Information Acquisition through the LMA (SIAL) Luis M. Contreras Telefónica I+D Carlos J. Bernardos.
RSVP-TE Extensions to Realize Dynamic Binding of Associated Bidirectional LSP CCAMP/MPLS WG, IETF 79th, Beijing, China draft-zhang-mpls-tp-rsvpte-ext-associated-lsp-01.

RSVP-TE Extensions to Realize Dynamic Binding of Associated Bidirectional LSP CCAMP/MPLS WG, IETF 79th, Beijing, China draft-zhang-mpls-tp-rsvpte-ext-associated-lsp-01.
Doc.: IEEE 802.11-07/2179r0 Submission July 2007 Steve Emeott, MotorolaSlide 1 Summary of Updates to MSA Overview and MKD Functionality Text Date: 2007-07-16.

Doc.: IEEE /2179r0 Submission July 2007 Steve Emeott, MotorolaSlide 1 Summary of Updates to MSA Overview and MKD Functionality Text Date:

Similar presentations

Ads by Google