From owner-aaa-wg@merit.edu  Sun Dec  5 07:25:26 2004
Message-ID: <41B2FD07.3060003@nokia.com>
Date: Sun, 05 Dec 2004 14:20:23 +0200
From: Miguel Garcia <Miguel.An.Garcia@nokia.com>
To: AAA mailing list <aaa-wg@merit.edu>
Cc: Mari Carmen belinchon <maria.carmen.belinchon@ericsson.com>,
        Miguel-Angel Pallares <miguel-angel.pallares@ericsson.com>,
        "ext Carolina Canales (ML/EEM)" <carolina.canales@ericsson.com>,
        Pete McCann <mccap@lucent.com>,
        Rajaniemi Jaakko Matti <jaakko.rajaniemi@nokia.com>,
        Tammi Kalle Tapani <kalle.tammi@nokia.com>
Subject: [AAA-WG]: Diameter SIP app: issue 4

Hi:

I am trying to close open issues in the Diameter SIP application. As 
part of the process, I would like to initiate a discussion on the list 
of those issues for which I would like to get a sense of the consensus. 
Therefore, you will see a few of these posts in the next few days.

Reminder:

The list of open issues is stored at:

http://danforsberg.info:8080/draft-ietf-aaa-diameter-sip/

Now, I would like to discuss open issue #4, which is fully described at:
http://danforsberg.info:8080/draft-ietf-aaa-diameter-sip/issue4

So please read it, try to understand it, and comment. My opinion, which is 
also listed in the open issues tracker, is that we should provide a 
mechanism to indicate the type of user profile that the client or server 
understands; otherwise there might be incompatibilities. But certainly I 
don't like the IANA registration of this solution.

Comments?

/Miguel

-- 
Miguel A. Garcia           tel:+358-50-4804586
Nokia Research Center      Helsinki, Finland


From owner-aaa-wg@merit.edu  Tue Dec  7 01:07:43 2004
Message-ID: <41B5480D.1080302@kolumbus.fi>
Date: Tue, 07 Dec 2004 08:05:01 +0200
From: Jari Arkko <jari.arkko@kolumbus.fi>
To: "'aaa-wg@merit.edu'" <aaa-wg@merit.edu>
Subject: [AAA-WG]: FW: IPSec use with Diameter (from the IPSEC WG list)


mohanlal jangir wrote:

 >> Here is one paragraph from RFC 3588 (Diameter Base Protocol):
 >>
 >> "Note that IPsec is considerably less flexible than TLS when it comes to
 >> configuring root CAs. Since use of Port identifiers is prohibited
 >> within IKE
 >> Phase 1, within IPsec it is not possible to uniquely configure trusted
 >> root
 >> CAs for each application individually; the same policy must be used
 >> for all
 >> applications. This implies, for example, that a root CA trusted for
 >> use with
 >> Diameter must also be trusted to protect SNMP. These restrictions can be
 >> awkward at best.
 >> Since TLS supports application-level granularity in certificate
 >> policy, TLS
 >> SHOULD be used to protect Diameter connections between administrative
 >> domains. IPSec is most appropriate for intra-domain usage when pre-shared
 >> keys are used as a security mechanism."

Scott G. Kelly wrote:

 > It's wrong. Granted, the original IPsec RFC's were not very clear on how
 > you configure something like this, but what is discussed above is an
 > implementation problem probably resulting from a design decision to only
 > permit one IKE SA between a given endpoint pair. It has always been
 > possible to use granular per-port policies, and if a particular
 > implementation does not support this, it's not because of a restriction
 > in the IPsec standard.



From owner-aaa-wg@merit.edu  Tue Dec  7 06:46:22 2004
Subject: RE: [AAA-WG]: FW: IPSec use with Diameter (from the IPSEC WG list)
Date: Tue, 7 Dec 2004 13:38:55 +0200
Message-ID: <3CF661B1787ABF41A869BE20108F8D6D43231C@esebe056.ntc.nokia.com>
From: <john.loughney@nokia.com>
To: <jari.arkko@kolumbus.fi>, <aaa-wg@merit.edu>

>  >> Here is one paragraph from RFC 3588 (Diameter Base Protocol):
>  >>
>  >> "Note that IPsec is considerably less flexible than TLS when it comes to
>  >> configuring root CAs. Since use of Port identifiers is prohibited
>  >> within IKE
>  >> Phase 1, within IPsec it is not possible to uniquely configure trusted
>  >> root
>  >> CAs for each application individually; the same policy must be used
>  >> for all
>  >> applications. This implies, for example, that a root CA trusted for
>  >> use with
>  >> Diameter must also be trusted to protect SNMP. These restrictions can be
>  >> awkward at best.
>  >> Since TLS supports application-level granularity in certificate
>  >> policy, TLS
>  >> SHOULD be used to protect Diameter connections between administrative
>  >> domains. IPSec is most appropriate for intra-domain usage when pre-shared
>  >> keys are used as a security mechanism."
> 
> Scott G. Kelly wrote:
> 
>  > It's wrong. Granted, the original IPsec RFC's were not very clear on how
>  > you configure something like this, but what is discussed above is an
>  > implementation problem probably resulting from a design decision to only
>  > permit one IKE SA between a given endpoint pair. It has always been
>  > possible to use granular per-port policies, and if a particular
>  > implementation does not support this, it's not because of a restriction
>  > in the IPsec standard.

Have suggestions for an errata entry?

John


From owner-aaa-wg@merit.edu  Tue Dec  7 07:19:20 2004
Message-ID: <41B59F0D.8070806@kolumbus.fi>
Date: Tue, 07 Dec 2004 14:16:13 +0200
From: Jari Arkko <jari.arkko@kolumbus.fi>
To: john.loughney@nokia.com
Cc: aaa-wg@merit.edu, "Scott G. Kelly" <scott@hyperthought.com>
Subject: Re: [AAA-WG]: FW: IPSec use with Diameter (from the IPSEC WG list)
References: <3CF661B1787ABF41A869BE20108F8D6D43231C@esebe056.ntc.nokia.com>
In-Reply-To: <3CF661B1787ABF41A869BE20108F8D6D43231C@esebe056.ntc.nokia.com>

john.loughney@nokia.com wrote:

> Have suggestions for an errata entry?

John, do you remember why we put it in this
text? I have a vague memory that it had to do with
a wish from the IESG that the limitations of IPsec
usage across domains needs to be described. Was this
so? Are all such limitations found to be non-existent?
I think not, although the text in question might be in
error.

Is Scott's concern that specification-wise, everything
is possible? I think the original concern had more to
do with practical implementations and experience than
what would theoretically be possible. Perhaps this
is the part that should be clarified, whether the
issue is with specs or with common implementations?
Or is the issue simply no longer relevant at all?
Or is it not relevant if you use RFC2401 and PAD?

--Jari


From owner-aaa-wg@merit.edu  Tue Dec  7 10:33:17 2004
Message-ID: <41B5CC3C.3000403@kolumbus.fi>
Date: Tue, 07 Dec 2004 17:29:00 +0200
From: Jari Arkko <jari.arkko@kolumbus.fi>
To: "Scott G. Kelly" <scott@hyperthought.com>
Cc: john.loughney@nokia.com, aaa-wg@merit.edu
Subject: Re: [AAA-WG]: FW: IPSec use with Diameter (from the IPSEC WG list)
References: <3CF661B1787ABF41A869BE20108F8D6D43231C@esebe056.ntc.nokia.com> <41B59F0D.8070806@kolumbus.fi> <41B5BFBA.20705@hyperthought.com>
In-Reply-To: <41B5BFBA.20705@hyperthought.com>

Scott G. Kelly wrote:

> Personally, I don't care if you change 
> the text, add errata, or leave it alone. Being one with direct 
> implementation experience contradicting the text, I only meant to answer 
> the question that was posted.

Right. Thanks for that...

> It is true that no protocol bindings occur in phase 1, and this 
> complicates the task of using certs with granular (per-port) policies in 
> IPsec, but what this says is wrong. It *is* possible to use uniquely 
> configured root CAs for each application individually (assuming each 
> application has its own port). The PAD described in 2401bis makes this 
> more explicit, but it was allowed by 2401 and the IKE rfc family as well.

I tend to agree.

> I personally implemented a system with this capability, and took pains 
> to ensure that it was compliant with the various 24xx series IPsec RFCs. 
> I know for certain of at least one other implementation which provides 
> this capability, and I think there may be others. Granted, it is more 
> challenging to implement than, say, a more restrictive UI, and not many 
> paying customers actually need such functionality (although one is 
> apparently described in the rfc3588 text above). So, in the interest of 
> rapidly shipping product, many vendors probably don't support this. But 
> there is nothing in the spec which prevents one from doing so - it would 
> strictly be an implementation decision.

Right. I also had an implementation that was able to do this.

There's also a distinction between something that is allowed
by a spec and something that is required by the spec. I think we all
agree that these things can be done, but the question is to which extent
implementations do, and whether implementations that don't are
non-compliant. My gut feeling is that prior to RFC 2401bis, there
were no requirements which forced implementations to do this. (I'm
not even sure if it's mandatory in bis.)

(Also, there are aspects of "application granularity" that go beyond
port numbers. You might want to connect to both A and B using the
application but still disallow some operations for A that are allowed
for B. This tends to be easier with TLS, although once again IPsec
implementations could provide an API which helps in these decisions.)

Anyway, my suggestion would be to send in a correction to the text,
implying that the issue is more in what implementations choose to
do and what they are minimally required to do rather than something
which theoretically prevents this. Here's a suggestion:

   Note that IPsec implementations can be considerably less flexible than
   TLS when it comes to configuring root CAs. Since use of Port identifiers
   is prohibited within IKE Phase 1, not all IPsec implementations may be able
   to uniquely configure trusted root CAs for each application individually;
   the same policy must be used for all applications. This implies, for
   example, that a root CA trusted for use with Diameter must also be
   trusted to protect SNMP. These restrictions can be awkward at best.
   Since TLS supports application-level granularity in certificate
   policy, TLS SHOULD be used to protect Diameter connections between
   administrative domains. IPSec is most appropriate for intra-domain
   usage when pre-shared keys are used as a security mechanism.

--Jari
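As an added example (not code from this thread, from RFC 3588, or from any IPsec implementation), a small Python model of the distinction Jari draws above: a flat per-peer certificate policy, where phase-1 authentication alone decides every child SA, beside a PAD-style lookup (RFC 4301, "2401bis" in the thread) that binds each trusted root CA to the traffic selectors the authenticated identity may negotiate. The peer identities and CA names are constructed; 3868/tcp is Diameter's registered port and 161/udp is SNMP, and real chain validation is elided.

```python
"""Simplified model of per-application root-CA policy in IPsec.

Added example for this thread; not code from any IPsec implementation.
A certificate is modelled as (asserted identity, issuing root CA); real
chain validation is out of scope. Peer identities and CA names are
constructed for the demonstration.
"""
from dataclasses import dataclass

DIAMETER = ("tcp", 3868)   # registered Diameter port (RFC 3588)
SNMP = ("udp", 161)        # SNMP agent port


@dataclass(frozen=True)
class PeerCert:
    subject: str   # identity the peer asserts in IKE phase 1
    issuer: str    # root CA at the top of its chain (validation elided)


@dataclass(frozen=True)
class PadEntry:
    peer_id: str
    trusted_cas: frozenset         # CAs acceptable for this identity
    allowed_selectors: frozenset   # (proto, port) pairs it may protect


class FlatPolicy:
    """One trusted-CA set per peer pair, as the RFC 3588 text assumes.

    Phase 1 carries no port information, so once the peer's chain ends
    in any trusted CA, every child SA with that peer is authorized: a CA
    trusted for Diameter is therefore also trusted to protect SNMP."""

    def __init__(self, trusted_cas):
        self.trusted_cas = frozenset(trusted_cas)

    def authorize_child_sa(self, cert, selector):
        return cert.issuer in self.trusted_cas


class PadPolicy:
    """PAD-style lookup: the identity authenticated in phase 1 selects
    an entry, and that entry decides both which CAs are acceptable and
    which selectors the peer may later negotiate for a child SA."""

    def __init__(self, entries):
        self.entries = {e.peer_id: e for e in entries}

    def authenticate_peer(self, cert):
        entry = self.entries.get(cert.subject)
        if entry is None or cert.issuer not in entry.trusted_cas:
            return None   # unknown identity, or signed by the wrong CA
        return entry

    def authorize_child_sa(self, cert, selector):
        entry = self.authenticate_peer(cert)
        return entry is not None and selector in entry.allowed_selectors


# Constructed scenario: one remote peer pair, two applications, two CAs.
DIAMETER_PEER = PeerCert("diameter.peer.example", "Diameter-Root-CA")
SNMP_PEER = PeerCert("snmp.peer.example", "NMS-Root-CA")

FLAT = FlatPolicy({"Diameter-Root-CA", "NMS-Root-CA"})
PAD = PadPolicy([
    PadEntry("diameter.peer.example", frozenset({"Diameter-Root-CA"}),
             frozenset({DIAMETER})),
    PadEntry("snmp.peer.example", frozenset({"NMS-Root-CA"}),
             frozenset({SNMP})),
])


def compare(cert, selector):
    """Return (flat_decision, pad_decision) for one child SA request."""
    return (FLAT.authorize_child_sa(cert, selector),
            PAD.authorize_child_sa(cert, selector))


if __name__ == "__main__":
    for cert, sel in [(DIAMETER_PEER, DIAMETER), (DIAMETER_PEER, SNMP),
                      (SNMP_PEER, SNMP), (SNMP_PEER, DIAMETER)]:
        flat, pad = compare(cert, sel)
        print(f"{cert.subject:24} {sel[0]}/{sel[1]:<5} flat={flat!s:5} pad={pad}")
```

The flat policy accepts the Diameter peer's certificate for an SNMP child SA, which is exactly the coupling the RFC text complains about; the PAD lookup refuses it without any change to IKE phase 1.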


From owner-aaa-wg@merit.edu  Tue Dec  7 14:04:34 2004
Message-ID: <41B5FE29.5090009@kolumbus.fi>
Date: Tue, 07 Dec 2004 21:02:01 +0200
From: Jari Arkko <jari.arkko@kolumbus.fi>
To: "Scott G. Kelly" <scott@hyperthought.com>
Cc: john.loughney@nokia.com, aaa-wg@merit.edu
Subject: Re: [AAA-WG]: FW: IPSec use with Diameter (from the IPSEC WG list)
References: <3CF661B1787ABF41A869BE20108F8D6D43231C@esebe056.ntc.nokia.com> <41B59F0D.8070806@kolumbus.fi> <41B5BFBA.20705@hyperthought.com> <41B5CC3C.3000403@kolumbus.fi> <41B5D610.5040103@hyperthought.com>
In-Reply-To: <41B5D610.5040103@hyperthought.com>

Scott G. Kelly wrote:
> I didn't comment on it before, but the reference to pre-shared keys here 
> confuses me. In IKEv1, use of PSK's is even more restrictive than use of 
> certs. Since they must be identified by the IP of the peer, there can 
> only be one psk per peer pair (say *that* three times really fast). How 
> does that solve the cert problem described here?

I'm not sure. The certificate usage issue may be orthogonal.
I do know some people have worried about how long certificate
chains (possibly needed on an interdomain case) pass through
UDP and how well fragmentation is supported over various cases.

--Jari


From owner-aaa-wg@merit.edu  Tue Dec  7 18:29:10 2004
From: "Salekul  Islam" <isalekul@hotmail.com>
To: <aaa-wg@merit.edu>
Subject: [AAA-WG]: What stands for DIAMETER
Date: Tue, 7 Dec 2004 18:28:15 -0400

Hi,

I have a question, maybe it sounds funny. What does DIAMETER really stand for?
I know that RADIUS comes from Remote Authentication Dial-In User
Services.

Thanks,

Salekul


From owner-aaa-wg@merit.edu  Tue Dec  7 19:10:58 2004
From: "David Mitton" <david@mitton.com>
To: aaa-wg@merit.edu
Date: Tue, 07 Dec 2004 19:10:51 -0500
Subject: Re: [AAA-WG]: What stands for DIAMETER
Message-Id: <20041208001051.47F334F452@ws6-5.us4.outblaze.com>

Diameter is not an acronym.  It should not be spelled in all capitals.

From geometry, the diameter of a circle is twice the radius.

<g> Our next AAA protocol will be "Circumference", then "Sphere".

Dave.
http://www.circularnetworks.com

----- Original Message -----
From: "Salekul  Islam" <isalekul@hotmail.com>
To: aaa-wg@merit.edu
Subject: [AAA-WG]: What stands for DIAMETER
Date: Tue, 7 Dec 2004 18:28:15 -0400

> 
> Hi,
> 
> I have a question, maybe it sounds funny. What does DIAMETER really stand for?
> I know that RADIUS comes from Remote Authentication Dial-In User
> Services.
> 
> Thanks,
> 
> Salekul



From owner-aaa-wg@merit.edu  Tue Dec  7 20:22:05 2004
Message-Id: <200412080121.iB81LsU8017020@sj-core-3.cisco.com>
Reply-To: <gwz@cisco.com>
From: "Glen Zorn (gwz)" <gwz@cisco.com>
To: "'David Mitton'" <david@mitton.com>, <aaa-wg@merit.edu>
Subject: RE: [AAA-WG]: What stands for DIAMETER
Date: Tue, 7 Dec 2004 17:21:53 -0800
In-Reply-To: <20041208001051.47F334F452@ws6-5.us4.outblaze.com>

David Mitton <> supposedly scribbled:

> Diameter is not an acronym.  It should not be spelled in all capitals.
> 
> From geometry, the diameter of a circle is twice the radius.
> 
> <g> Our next AAA protocol will be "Circumference", then "Sphere".

That will add a whole 'nother dimension to things!

> 
> Dave.
> http://www.circularnetworks.com
> 
> ----- Original Message -----
> From: "Salekul  Islam" <isalekul@hotmail.com>
> To: aaa-wg@merit.edu
> Subject: [AAA-WG]: What stands for DIAMETER
> Date: Tue, 7 Dec 2004 18:28:15 -0400
> 
>> 
>> Hi,
>> 
>> I have a question, maybe it sounds funny. What does DIAMETER really
>> stand for? I know that RADIUS comes from Remote Authentication
>> Dial-In User Services.
>> 
>> Thanks,
>> 
>> Salekul

Hope this helps,

~gwz

Why is it that most of the world's problems can't be solved by simply
  listening to John Coltrane? -- Henry Gabriel


From owner-aaa-wg@merit.edu  Tue Dec  7 23:03:43 2004
Subject: RE: [AAA-WG]: What stands for DIAMETER
Date: Wed, 8 Dec 2004 05:58:12 +0200
Message-ID: <3CF661B1787ABF41A869BE20108F8D6D432329@esebe056.ntc.nokia.com>
Thread-Topic: [AAA-WG]: What stands for DIAMETER
Thread-Index: AcTctLK8TdIKTds9S9SiGoORIJIN7gAJVuwg
From: <john.loughney@nokia.com>
To: <isalekul@hotmail.com>, <aaa-wg@merit.edu>
X-OriginalArrivalTime: 08 Dec 2004 03:58:12.0729 (UTC) FILETIME=[2359DE90:01C4DCDA]
Sender: owner-aaa-wg@merit.edu
Precedence: bulk
Content-Transfer-Encoding: quoted-printable

Hi Salekul,

> I have a question, maybe it sounds funny. What really stands for DIAMETER.
> I know that RADIUS is coming from  Remote Authentication Dial-In User
> Services.

Diameter is not an acronym.  Diameter = 2 * RADIUS ...

John


From owner-aaa-wg@merit.edu  Wed Dec  8 02:36:06 2004
Received: from trapdoor.merit.edu (trapdoor.merit.edu [198.108.1.26])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id CAA26238
	for <aaa-archive@lists.ietf.org>; Wed, 8 Dec 2004 02:36:05 -0500 (EST)
Received: by trapdoor.merit.edu (Postfix)
	id 36C7491266; Wed,  8 Dec 2004 02:36:00 -0500 (EST)
Delivered-To: aaa-wg-outgoing@trapdoor.merit.edu
Received: by trapdoor.merit.edu (Postfix, from userid 56)
	id 003DF91268; Wed,  8 Dec 2004 02:35:59 -0500 (EST)
Delivered-To: aaa-wg@trapdoor.merit.edu
Received: from segue.merit.edu (segue.merit.edu [198.108.1.41])
	by trapdoor.merit.edu (Postfix) with ESMTP id F2B3C91266
	for <aaa-wg@trapdoor.merit.edu>; Wed,  8 Dec 2004 02:35:58 -0500 (EST)
Received: by segue.merit.edu (Postfix)
	id C13EB58449; Wed,  8 Dec 2004 02:35:58 -0500 (EST)
Delivered-To: aaa-wg@merit.edu
Received: from outbound.mailhop.org (outbound.mailhop.org [63.208.196.171])
	by segue.merit.edu (Postfix) with ESMTP id 8754C58361
	for <aaa-wg@merit.edu>; Wed,  8 Dec 2004 02:35:58 -0500 (EST)
Received: from c-67-182-139-247.client.comcast.net ([67.182.139.247] helo=internaut.com)
	by outbound.mailhop.org with esmtpa (Exim 4.42)
	id 1CbwMf-0005dE-It; Wed, 08 Dec 2004 02:35:57 -0500
Received: from localhost (aboba@localhost)
	by internaut.com (8.10.2/8.10.2) with ESMTP id iB87Zss23794;
	Tue, 7 Dec 2004 23:35:54 -0800
Date: Tue, 7 Dec 2004 23:35:54 -0800 (PST)
From: Bernard Aboba <aboba@internaut.com>
To: Jari Arkko <jari.arkko@kolumbus.fi>
Cc: john.loughney@nokia.com, aaa-wg@merit.edu,
        "Scott G. Kelly" <scott@hyperthought.com>
Subject: Re: [AAA-WG]: FW: IPSec use with Diameter (from the IPSEC WG list)
In-Reply-To: <41B59F0D.8070806@kolumbus.fi>
Message-ID: <Pine.LNX.4.56.0412072330260.20067@internaut.com>
References: <3CF661B1787ABF41A869BE20108F8D6D43231C@esebe056.ntc.nokia.com>
 <41B59F0D.8070806@kolumbus.fi>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Mail-Handler: MailHop Outbound by DynDNS.org
X-Originating-IP: 67.182.139.247
X-Report-Abuse-To: abuse@dyndns.org (see http://www.mailhop.org/outbound/abuse.html for abuse reporting information)
X-MHO-User: aboba
Sender: owner-aaa-wg@merit.edu
Precedence: bulk

> John, do you remember why we put it in this
> text?

I don't believe that the text is incorrect.

While the IKEv1 initiator may know what port the phase I SA is intending
to protect, the responder cannot know this because that information is not
included in the IKEv1 phase 1 exchange.  It doesn't matter how many phase
1 SAs are brought up between the two endpoints.  The responder has no idea
what the phase 1 SA is being brought up for, and so is unable to enforce
different certificate policies based on the (undisclosed) application.

In phase 2 the information is available, but by then it's too late.



From owner-aaa-wg@merit.edu  Wed Dec  8 02:40:46 2004
Received: from trapdoor.merit.edu (trapdoor.merit.edu [198.108.1.26])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id CAA26668
	for <aaa-archive@lists.ietf.org>; Wed, 8 Dec 2004 02:40:46 -0500 (EST)
Received: by trapdoor.merit.edu (Postfix)
	id AA53491268; Wed,  8 Dec 2004 02:40:39 -0500 (EST)
Delivered-To: aaa-wg-outgoing@trapdoor.merit.edu
Received: by trapdoor.merit.edu (Postfix, from userid 56)
	id 71BB89127A; Wed,  8 Dec 2004 02:40:39 -0500 (EST)
Delivered-To: aaa-wg@trapdoor.merit.edu
Received: from segue.merit.edu (segue.merit.edu [198.108.1.41])
	by trapdoor.merit.edu (Postfix) with ESMTP id 3530A91268
	for <aaa-wg@trapdoor.merit.edu>; Wed,  8 Dec 2004 02:40:38 -0500 (EST)
Received: by segue.merit.edu (Postfix)
	id 1B45C5849B; Wed,  8 Dec 2004 02:40:38 -0500 (EST)
Delivered-To: aaa-wg@merit.edu
Received: from outbound.mailhop.org (outbound.mailhop.org [63.208.196.171])
	by segue.merit.edu (Postfix) with ESMTP id D791B5846A
	for <aaa-wg@merit.edu>; Wed,  8 Dec 2004 02:40:37 -0500 (EST)
Received: from c-67-182-139-247.client.comcast.net ([67.182.139.247] helo=internaut.com)
	by outbound.mailhop.org with esmtpa (Exim 4.42)
	id 1CbwRB-0008Xv-Cs; Wed, 08 Dec 2004 02:40:37 -0500
Received: from localhost (aboba@localhost)
	by internaut.com (8.10.2/8.10.2) with ESMTP id iB87eRh24023;
	Tue, 7 Dec 2004 23:40:31 -0800
Date: Tue, 7 Dec 2004 23:40:27 -0800 (PST)
From: Bernard Aboba <aboba@internaut.com>
To: Jari Arkko <jari.arkko@kolumbus.fi>
Cc: "Scott G. Kelly" <scott@hyperthought.com>, john.loughney@nokia.com,
        aaa-wg@merit.edu
Subject: Re: [AAA-WG]: FW: IPSec use with Diameter (from the IPSEC WG list)
In-Reply-To: <41B5CC3C.3000403@kolumbus.fi>
Message-ID: <Pine.LNX.4.56.0412072336200.20067@internaut.com>
References: <3CF661B1787ABF41A869BE20108F8D6D43231C@esebe056.ntc.nokia.com>
 <41B59F0D.8070806@kolumbus.fi> <41B5BFBA.20705@hyperthought.com>
 <41B5CC3C.3000403@kolumbus.fi>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Mail-Handler: MailHop Outbound by DynDNS.org
X-Originating-IP: 67.182.139.247
X-Report-Abuse-To: abuse@dyndns.org (see http://www.mailhop.org/outbound/abuse.html for abuse reporting information)
X-MHO-User: aboba
Sender: owner-aaa-wg@merit.edu
Precedence: bulk

> It is true that no protocol bindings occur in phase 1, and this
> complicates the task of using certs with granular (per-port) policies in
> IPsec, but what this says is wrong. It *is* possible to use uniquely
> configured root CAs for each application individually (assuming each
> application has its own port). The PAD described in 2401bis makes this
> more explicit, but it was allowed by 2401 and the IKE rfc family as well.

Without a protocol binding in phase 1, there isn't a way for the responder
to know what the SA is being brought up for.  Therefore it has no way to
tell the initiator what certs it will accept.  It can give the initiator
the union of all possible trust anchors, but then once phase 2
completes, it is possible that the responder will learn that the initiator
chose the wrong certificate.  This isn't fixed in 2401bis, because it's
an inherent problem with IKEv1.



From owner-aaa-wg@merit.edu  Wed Dec  8 02:43:59 2004
Received: from trapdoor.merit.edu (trapdoor.merit.edu [198.108.1.26])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id CAA26871
	for <aaa-archive@lists.ietf.org>; Wed, 8 Dec 2004 02:43:59 -0500 (EST)
Received: by trapdoor.merit.edu (Postfix)
	id 3B0C691281; Wed,  8 Dec 2004 02:43:53 -0500 (EST)
Delivered-To: aaa-wg-outgoing@trapdoor.merit.edu
Received: by trapdoor.merit.edu (Postfix, from userid 56)
	id C54819127F; Wed,  8 Dec 2004 02:43:51 -0500 (EST)
Delivered-To: aaa-wg@trapdoor.merit.edu
Received: from segue.merit.edu (segue.merit.edu [198.108.1.41])
	by trapdoor.merit.edu (Postfix) with ESMTP id C0D7A9127A
	for <aaa-wg@trapdoor.merit.edu>; Wed,  8 Dec 2004 02:43:49 -0500 (EST)
Received: by segue.merit.edu (Postfix)
	id AA90C584AD; Wed,  8 Dec 2004 02:43:49 -0500 (EST)
Delivered-To: aaa-wg@merit.edu
Received: from mgw-x4.nokia.com (mgw-x4.nokia.com [131.228.20.27])
	by segue.merit.edu (Postfix) with ESMTP id 75FD4582BD
	for <aaa-wg@merit.edu>; Wed,  8 Dec 2004 02:43:48 -0500 (EST)
Received: from esdks002.ntc.nokia.com (esdks002.ntc.nokia.com [172.21.138.121])
	by mgw-x4.nokia.com (Switch-2.2.8/Switch-2.2.8) with ESMTP id iB87hgS18389;
	Wed, 8 Dec 2004 09:43:43 +0200 (EET)
X-Scanned: Wed, 8 Dec 2004 09:40:56 +0200 Nokia Message Protector V1.3.31 2004060815 - RELEASE
Received: (from root@localhost)
	by esdks002.ntc.nokia.com (8.12.9/8.12.9) id iB87euFK008492;
	Wed, 8 Dec 2004 09:40:56 +0200
Received: from mgw-int2.ntc.nokia.com (172.21.143.97)
	by esdks002.ntc.nokia.com 00ohKfZ5; Wed, 08 Dec 2004 09:40:56 EET
Received: from esebh004.NOE.Nokia.com (esebh004.ntc.nokia.com [172.21.138.84])
	by mgw-int2.ntc.nokia.com (Switch-2.2.8/Switch-2.2.8) with ESMTP id iB87etS03110;
	Wed, 8 Dec 2004 09:40:55 +0200 (EET)
Received: from esebe001.NOE.Nokia.com ([172.21.138.30]) by esebh004.NOE.Nokia.com with Microsoft SMTPSVC(5.0.2195.6881);
	 Wed, 8 Dec 2004 09:40:54 +0200
Received: from esebe056.NOE.Nokia.com ([172.21.143.51]) by esebe001.NOE.Nokia.com with Microsoft SMTPSVC(5.0.2195.6881);
	 Wed, 8 Dec 2004 09:40:53 +0200
X-MimeOLE: Produced By Microsoft Exchange V6.0.6603.0
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Subject: RE: [AAA-WG]: FW: IPSec use with Diameter (from the IPSEC WG list)
Date: Wed, 8 Dec 2004 09:40:54 +0200
Message-ID: <3CF661B1787ABF41A869BE20108F8D6D43233A@esebe056.ntc.nokia.com>
Thread-Topic: [AAA-WG]: FW: IPSec use with Diameter (from the IPSEC WG list)
Thread-Index: AcTc+OehfCajv8TqRrGBUcdVP3eovAAAA2BQ
From: <john.loughney@nokia.com>
To: <aboba@internaut.com>, <jari.arkko@kolumbus.fi>
Cc: <aaa-wg@merit.edu>, <scott@hyperthought.com>
X-OriginalArrivalTime: 08 Dec 2004 07:40:53.0946 (UTC) FILETIME=[3F41C9A0:01C4DCF9]
Sender: owner-aaa-wg@merit.edu
Precedence: bulk
Content-Transfer-Encoding: quoted-printable

Hi Jari & Bernard,

> > John, do you remember why we put it in this
> > text?

This was written, by Bernard and:

> I don't believe that the text is incorrect.
> 
> While the IKEv1 initiator may know what port the phase I SA is intending
> to protect, the responder cannot know this because that information is not
> included in the IKEv1 phase 1 exchange.  It doesn't matter how many phase
> 1 SAs are brought up between the two endpoints.  The responder has no idea
> what the phase 1 SA is being brought up for, and so is unable to enforce
> different certificate policies based on the (undisclosed) application.
> 
> In phase 2 the information is available, but by then it's too late.

As I remember, this was the point of the text, so I also don't think that the
text is incorrect.

John


From owner-aaa-wg@merit.edu  Wed Dec  8 06:19:54 2004
Received: from trapdoor.merit.edu (trapdoor.merit.edu [198.108.1.26])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id GAA14209
	for <aaa-archive@lists.ietf.org>; Wed, 8 Dec 2004 06:19:54 -0500 (EST)
Received: by trapdoor.merit.edu (Postfix)
	id 8D58B91282; Wed,  8 Dec 2004 06:19:51 -0500 (EST)
Delivered-To: aaa-wg-outgoing@trapdoor.merit.edu
Received: by trapdoor.merit.edu (Postfix, from userid 56)
	id 569A191285; Wed,  8 Dec 2004 06:19:51 -0500 (EST)
Delivered-To: aaa-wg@trapdoor.merit.edu
Received: from segue.merit.edu (segue.merit.edu [198.108.1.41])
	by trapdoor.merit.edu (Postfix) with ESMTP id 349F791282
	for <aaa-wg@trapdoor.merit.edu>; Wed,  8 Dec 2004 06:19:50 -0500 (EST)
Received: by segue.merit.edu (Postfix)
	id 09B81583AE; Wed,  8 Dec 2004 06:19:50 -0500 (EST)
Delivered-To: aaa-wg@merit.edu
Received: from p2.piuha.net (p2.piuha.net [131.160.192.2])
	by segue.merit.edu (Postfix) with ESMTP id 750CE584C6
	for <aaa-wg@merit.edu>; Wed,  8 Dec 2004 06:19:49 -0500 (EST)
Received: from kolumbus.fi (p2.piuha.net [131.160.192.2])
	by p2.piuha.net (Postfix) with ESMTP id 6B4B88989D;
	Wed,  8 Dec 2004 13:19:15 +0200 (EET)
Message-ID: <41B6E2A7.4020205@kolumbus.fi>
Date: Wed, 08 Dec 2004 13:16:55 +0200
From: Jari Arkko <jari.arkko@kolumbus.fi>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7b) Gecko/20040316
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Bernard Aboba <aboba@internaut.com>
Cc: "Scott G. Kelly" <scott@hyperthought.com>, john.loughney@nokia.com,
        aaa-wg@merit.edu
Subject: Re: [AAA-WG]: FW: IPSec use with Diameter (from the IPSEC WG list)
References: <3CF661B1787ABF41A869BE20108F8D6D43231C@esebe056.ntc.nokia.com> <41B59F0D.8070806@kolumbus.fi> <41B5BFBA.20705@hyperthought.com> <41B5CC3C.3000403@kolumbus.fi> <Pine.LNX.4.56.0412072336200.20067@internaut.com>
In-Reply-To: <Pine.LNX.4.56.0412072336200.20067@internaut.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-aaa-wg@merit.edu
Precedence: bulk
Content-Transfer-Encoding: 7bit

Bernard Aboba wrote:

> Without a protocol binding in phase 1, there isn't a way for the responder
> to know what the SA is being brought up for.  Therefore it has no way to
> tell the initiator what certs it will accept.  It can give the initiator
> the union of all possible trust anchors, but then once phase 2
> completes, it is possible that the responder will learn that the initiator
> chose the wrong certificate.  This isn't fixed in 2401bis, because it's
> an inherent problem with IKEv1.

Theoretically, the initiator can be guided by configuration to choose
the right certificate for the purpose that the phase 1 is being brought
up for. This works as long as the responder is willing to accept any of
the trust anchors. At the time phase 2 is being brought up, an
authorization decision can determine whether the initiator did the
right thing.

But this is very brittle, does not involve any explicit communication
over the protocols, and relies on correct configuration and knowledge
about what the other side expects. As a result it may not be very easy,
particularly in an inter-domain case.

--Jari


From owner-aaa-wg@merit.edu  Wed Dec  8 06:20:13 2004
Received: from trapdoor.merit.edu (trapdoor.merit.edu [198.108.1.26])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id GAA14263
	for <aaa-archive@lists.ietf.org>; Wed, 8 Dec 2004 06:20:12 -0500 (EST)
Received: by trapdoor.merit.edu (Postfix)
	id 023EB9127D; Wed,  8 Dec 2004 06:20:09 -0500 (EST)
Delivered-To: aaa-wg-outgoing@trapdoor.merit.edu
Received: by trapdoor.merit.edu (Postfix, from userid 56)
	id B40DF912A7; Wed,  8 Dec 2004 06:20:08 -0500 (EST)
Delivered-To: aaa-wg@trapdoor.merit.edu
Received: from segue.merit.edu (segue.merit.edu [198.108.1.41])
	by trapdoor.merit.edu (Postfix) with ESMTP id C56F59127D
	for <aaa-wg@trapdoor.merit.edu>; Wed,  8 Dec 2004 06:20:06 -0500 (EST)
Received: by segue.merit.edu (Postfix)
	id 86515584E6; Wed,  8 Dec 2004 06:20:04 -0500 (EST)
Delivered-To: aaa-wg@merit.edu
Received: from p2.piuha.net (p2.piuha.net [131.160.192.2])
	by segue.merit.edu (Postfix) with ESMTP id D0C17584CF
	for <aaa-wg@merit.edu>; Wed,  8 Dec 2004 06:20:03 -0500 (EST)
Received: from kolumbus.fi (p2.piuha.net [131.160.192.2])
	by p2.piuha.net (Postfix) with ESMTP id B4A56898A0;
	Wed,  8 Dec 2004 13:19:35 +0200 (EET)
Message-ID: <41B6E2BB.6040905@kolumbus.fi>
Date: Wed, 08 Dec 2004 13:17:15 +0200
From: Jari Arkko <jari.arkko@kolumbus.fi>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7b) Gecko/20040316
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: scott@hyperthought.com
Cc: john.loughney@nokia.com, aboba@internaut.com, aaa-wg@merit.edu
Subject: Re: [AAA-WG]: FW: IPSec use with Diameter (from the IPSEC WG list)
References: <3CF661B1787ABF41A869BE20108F8D6D43233A@esebe056.ntc.nokia.com>
In-Reply-To: <3CF661B1787ABF41A869BE20108F8D6D43233A@esebe056.ntc.nokia.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-aaa-wg@merit.edu
Precedence: bulk
Content-Transfer-Encoding: 7bit

john.loughney@nokia.com wrote:

> As I remember, this was the point of the text, so I also don't think that the
> text is incorrect.

Scott, do you have something to add to the comments from
Bernard? Based on the information, do you still think the
text should be corrected? If so, how?

--Jari


From owner-aaa-wg@merit.edu  Wed Dec  8 08:35:08 2004
Received: from trapdoor.merit.edu (trapdoor.merit.edu [198.108.1.26])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA22496
	for <aaa-archive@lists.ietf.org>; Wed, 8 Dec 2004 08:35:07 -0500 (EST)
Received: by trapdoor.merit.edu (Postfix)
	id A732591220; Wed,  8 Dec 2004 08:35:03 -0500 (EST)
Delivered-To: aaa-wg-outgoing@trapdoor.merit.edu
Received: by trapdoor.merit.edu (Postfix, from userid 56)
	id 76D38912A5; Wed,  8 Dec 2004 08:35:03 -0500 (EST)
Delivered-To: aaa-wg@trapdoor.merit.edu
Received: from segue.merit.edu (segue.merit.edu [198.108.1.41])
	by trapdoor.merit.edu (Postfix) with ESMTP id 66D4991220
	for <aaa-wg@trapdoor.merit.edu>; Wed,  8 Dec 2004 08:35:02 -0500 (EST)
Received: by segue.merit.edu (Postfix)
	id 4C5A358548; Wed,  8 Dec 2004 08:35:02 -0500 (EST)
Delivered-To: aaa-wg@merit.edu
Received: from outbound.mailhop.org (outbound.mailhop.org [63.208.196.171])
	by segue.merit.edu (Postfix) with ESMTP id 245AE5841F
	for <aaa-wg@merit.edu>; Wed,  8 Dec 2004 08:35:02 -0500 (EST)
Received: from c-67-182-139-247.client.comcast.net ([67.182.139.247] helo=internaut.com)
	by outbound.mailhop.org with esmtpa (Exim 4.42)
	id 1Cc1y5-0008SP-Rx; Wed, 08 Dec 2004 08:34:57 -0500
Received: from localhost (aboba@localhost)
	by internaut.com (8.10.2/8.10.2) with ESMTP id iB8DYtF14192;
	Wed, 8 Dec 2004 05:34:56 -0800
Date: Wed, 8 Dec 2004 05:34:55 -0800 (PST)
From: Bernard Aboba <aboba@internaut.com>
To: Jari Arkko <jari.arkko@kolumbus.fi>
Cc: "Scott G. Kelly" <scott@hyperthought.com>, john.loughney@nokia.com,
        aaa-wg@merit.edu
Subject: Re: [AAA-WG]: FW: IPSec use with Diameter (from the IPSEC WG list)
In-Reply-To: <41B6E2A7.4020205@kolumbus.fi>
Message-ID: <Pine.LNX.4.56.0412080531150.13702@internaut.com>
References: <3CF661B1787ABF41A869BE20108F8D6D43231C@esebe056.ntc.nokia.com>
 <41B59F0D.8070806@kolumbus.fi> <41B5BFBA.20705@hyperthought.com>
 <41B5CC3C.3000403@kolumbus.fi> <Pine.LNX.4.56.0412072336200.20067@internaut.com>
 <41B6E2A7.4020205@kolumbus.fi>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Mail-Handler: MailHop Outbound by DynDNS.org
X-Originating-IP: 67.182.139.247
X-Report-Abuse-To: abuse@dyndns.org (see http://www.mailhop.org/outbound/abuse.html for abuse reporting information)
X-MHO-User: aboba
Sender: owner-aaa-wg@merit.edu
Precedence: bulk

> Theoretically, the initiator can be guided by configuration to choose
> the right certificate for the purpose that the phase 1 is being brought
> up for. This works as long as the responder is willing to accept any of
> the trust anchors. At the time phase 2 is being brought up, an
> authorization decision can determine whether the initiator did the
> right thing.
>
> But this is very brittle, does not involve any explicit communication
> over the protocols, and relies on correct configuration and knowledge
> about what the other side expects. As a result it may not be very easy,
> particularly in an inter-domain case.

This was exactly the limitation that RFC 3588 is talking about.  Note that
it is possible that the certificates themselves may be different in
important ways.  And the Responder might itself require a different
certificate. For example, a certificate for use of RADIUS over IPsec
might be different between a RADIUS client and server.  In that case the
Responder doesn't even know if the certificate is valid for the intended
usage, or which certificate it is to use itself, until Phase 2.
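The limitation argued across these messages (a responder that can only check the initiator's certificate against the union of trust anchors in phase 1, a configuration-guided initiator, and a mismatch that surfaces only when phase 2 reveals the port), as an added illustration that is not part of any message in the thread. It is a constructed Python model, not an IKE implementation: phase 1 is reduced to "the responder sees the certificate", phase 2 to "the responder sees the protected port", and the CA labels, ports and the deliberately misconfigured initiator entry are hypothetical.

```python
"""Constructed model of the IKEv1 phase 1 / phase 2 ordering problem.
Not an IKE implementation; CA labels, hosts and policies are examples."""
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str   # label of the root CA (trust anchor) that issued it
    role: str     # "client" or "server", as in the RADIUS example


@dataclass(frozen=True)
class AppPolicy:
    """Per-application certificate policy, keyed by protected port."""
    trust_anchor: str
    peer_role: str


# Responder-side policy: which anchor and role are acceptable for each
# application.  Example values only (3868 Diameter, 1812 RADIUS).
POLICIES: Dict[int, AppPolicy] = {
    3868: AppPolicy(trust_anchor="Diameter-CA", peer_role="client"),
    1812: AppPolicy(trust_anchor="RADIUS-CA", peer_role="client"),
}

# Initiator-side configuration ("guided by configuration"): which cert to
# present for which application.  The 1812 entry is deliberately wrong to
# show where the mistake becomes visible.
INITIATOR_CONFIG: Dict[int, Cert] = {
    3868: Cert("nas1.example.test", "Diameter-CA", "client"),
    1812: Cert("nas1.example.test", "Diameter-CA", "client"),  # wrong CA
}


def trust_anchor_union(policies: Dict[int, AppPolicy]) -> set:
    """All the responder can offer in phase 1: it does not yet know the
    application, so it can only accept the union of every anchor."""
    return {p.trust_anchor for p in policies.values()}


def phase1_check(cert: Cert, policies: Dict[int, AppPolicy]) -> bool:
    """Phase 1 carries no port/application binding, so the strongest
    possible check is membership in the union of anchors."""
    return cert.issuer in trust_anchor_union(policies)


def phase2_check(cert: Cert, port: int,
                 policies: Dict[int, AppPolicy]) -> Optional[str]:
    """Phase 2: the port is known, so the per-application policy can be
    applied.  Returns None when acceptable, otherwise the reason."""
    policy = policies.get(port)
    if policy is None:
        return f"no policy for port {port}"
    if cert.issuer != policy.trust_anchor:
        return (f"cert from {cert.issuer} but port {port} "
                f"requires {policy.trust_anchor}")
    if cert.role != policy.peer_role:
        return f"cert role {cert.role} but port {port} requires {policy.peer_role}"
    return None


def ikev1_exchange(port: int, config=INITIATOR_CONFIG,
                   policies=POLICIES) -> dict:
    """Initiator picks a cert from configuration; responder checks in the
    order IKEv1 forces: union at phase 1, real policy only at phase 2."""
    cert = config[port]
    if not phase1_check(cert, policies):
        return {"cert": cert.issuer, "rejected_at": "phase1",
                "reason": "issuer not in trust-anchor union"}
    reason = phase2_check(cert, port, policies)
    if reason is not None:
        # The phase 1 SA already exists; the mismatch is only visible now.
        return {"cert": cert.issuer, "rejected_at": "phase2", "reason": reason}
    return {"cert": cert.issuer, "rejected_at": None, "reason": None}


def bound_exchange(port: int, config=INITIATOR_CONFIG,
                   policies=POLICIES) -> dict:
    """Contrast: if phase 1 carried an application binding (which the
    thread notes IKEv1 does not), the same mismatch would be caught before
    any SA is set up, and the responder could name the anchor it wants."""
    cert = config[port]
    reason = phase2_check(cert, port, policies)
    return {"cert": cert.issuer,
            "rejected_at": None if reason is None else "phase1",
            "reason": reason}


if __name__ == "__main__":
    for p in sorted(POLICIES):
        print(p, "IKEv1:", ikev1_exchange(p))
        print(p, "bound:", bound_exchange(p))
```

For the misconfigured port the IKEv1 path accepts the certificate in phase 1 and rejects it only in phase 2, while the hypothetical bound exchange rejects it immediately.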


From owner-aaa-wg@merit.edu  Fri Dec 10 03:51:34 2004
Received: from trapdoor.merit.edu (trapdoor.merit.edu [198.108.1.26])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id DAA24404
	for <aaa-archive@lists.ietf.org>; Fri, 10 Dec 2004 03:51:33 -0500 (EST)
Received: by trapdoor.merit.edu (Postfix)
	id 69B4E91244; Fri, 10 Dec 2004 03:51:26 -0500 (EST)
Delivered-To: aaa-wg-outgoing@trapdoor.merit.edu
Received: by trapdoor.merit.edu (Postfix, from userid 56)
	id 2F1D391246; Fri, 10 Dec 2004 03:51:26 -0500 (EST)
Delivered-To: aaa-wg@trapdoor.merit.edu
Received: from segue.merit.edu (segue.merit.edu [198.108.1.41])
	by trapdoor.merit.edu (Postfix) with ESMTP id 08E8691244
	for <aaa-wg@trapdoor.merit.edu>; Fri, 10 Dec 2004 03:51:25 -0500 (EST)
Received: by segue.merit.edu (Postfix)
	id D8D385854A; Fri, 10 Dec 2004 03:51:24 -0500 (EST)
Delivered-To: aaa-wg@merit.edu
Received: from eagle.ericsson.se (eagle.ericsson.se [193.180.251.53])
	by segue.merit.edu (Postfix) with ESMTP id 1ADE958559
	for <aaa-wg@merit.edu>; Fri, 10 Dec 2004 03:51:24 -0500 (EST)
Received: from esealmw143.al.sw.ericsson.se ([153.88.254.118])
	by eagle.ericsson.se (8.12.10/8.12.10/WIREfire-1.8b) with ESMTP id iBA8pNO6003055
	for <aaa-wg@merit.edu>; Fri, 10 Dec 2004 09:51:23 +0100
Received: from esealnt611.al.sw.ericsson.se ([153.88.254.121]) by esealmw143.al.sw.ericsson.se with Microsoft SMTPSVC(6.0.3790.211);
	 Fri, 10 Dec 2004 09:51:23 +0100
Received: from madrid.ericsson.se (ftpserver.es.eu.ericsson.se [159.107.24.41]) by esealnt611.al.sw.ericsson.se with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2657.72)
	id WHLV6B63; Fri, 10 Dec 2004 09:51:22 +0100
Received: from madrid.ericsson.se ([159.107.27.157])
	by madrid.ericsson.se (8.12.11/8.12.11) with ESMTP id iBA8pL5q021106;
	Fri, 10 Dec 2004 09:51:21 +0100 (MET)
Message-ID: <41B96388.206@madrid.ericsson.se>
Date: Fri, 10 Dec 2004 09:51:20 +0100
X-Sybari-Trust: 0a7505fd a5e9b67f e22d96ec 00000139
From: MCarmen <emecbv@madrid.es.eu.ericsson.se>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Miguel Garcia <Miguel.An.Garcia@nokia.com>
Cc: AAA mailing list <aaa-wg@merit.edu>,
        Mari Carmen belinchon <maria.carmen.belinchon@ericsson.com>,
        Miguel-Angel Pallares <miguel-angel.pallares@ericsson.com>,
        "ext Carolina Canales (ML/EEM)" <carolina.canales@ericsson.com>,
        Pete McCann <mccap@lucent.com>,
        Rajaniemi Jaakko Matti <jaakko.rajaniemi@nokia.com>,
        Tammi Kalle Tapani <kalle.tammi@nokia.com>
Subject: Re: [AAA-WG]: Diameter SIP app: issue 4
References: <41B2FD07.3060003@nokia.com>
In-Reply-To: <41B2FD07.3060003@nokia.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-OriginalArrivalTime: 10 Dec 2004 08:51:23.0081 (UTC) FILETIME=[6CD81390:01C4DE95]
Sender: owner-aaa-wg@merit.edu
Precedence: bulk
Content-Transfer-Encoding: 7bit

Hi Miguel,

    What type of profiles do you have in mind?
br,
MCarmen

Miguel Garcia wrote:

> Hi:
>
> I am trying to close open issues in the Diameter SIP application. As 
> part of the process, I would like to initiate a discussion on the list 
> of those issues for which I would like to get a sense of the 
> consensus. Therefore, you will see a few of these posts in the next 
> few days.
>
> Reminder:
>
> The list of open issues is stored at:
>
> http://danforsberg.info:8080/draft-ietf-aaa-diameter-sip/
>
> Now, I would like to discuss open issue #4, which is fully described at:
> http://danforsberg.info:8080/draft-ietf-aaa-diameter-sip/issue4
>
> So please read it, try to understand it, and comment. My opinion is 
> also listed in the open issues tracker, which is, we should provide a 
> mechanism to indicate the type of user profile that the client or 
> server understand, otherwise there might be incompatibilities. But 
> certainly I don't like the IANA registration of this solution.
>
> Comments?
>
> /Miguel
>



From owner-aaa-wg@merit.edu  Fri Dec 10 04:55:19 2004
Received: from trapdoor.merit.edu (trapdoor.merit.edu [198.108.1.26])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id EAA28246
	for <aaa-archive@lists.ietf.org>; Fri, 10 Dec 2004 04:55:19 -0500 (EST)
Received: by trapdoor.merit.edu (Postfix)
	id 2BE7591246; Fri, 10 Dec 2004 04:55:13 -0500 (EST)
Delivered-To: aaa-wg-outgoing@trapdoor.merit.edu
Received: by trapdoor.merit.edu (Postfix, from userid 56)
	id F398C91249; Fri, 10 Dec 2004 04:55:12 -0500 (EST)
Delivered-To: aaa-wg@trapdoor.merit.edu
Received: from segue.merit.edu (segue.merit.edu [198.108.1.41])
	by trapdoor.merit.edu (Postfix) with ESMTP id D17D191246
	for <aaa-wg@trapdoor.merit.edu>; Fri, 10 Dec 2004 04:55:11 -0500 (EST)
Received: by segue.merit.edu (Postfix)
	id B74F7585BA; Fri, 10 Dec 2004 04:55:11 -0500 (EST)
Delivered-To: aaa-wg@merit.edu
Received: from mgw-x3.nokia.com (mgw-x3.nokia.com [131.228.20.26])
	by segue.merit.edu (Postfix) with ESMTP id E0D9658591
	for <aaa-wg@merit.edu>; Fri, 10 Dec 2004 04:55:10 -0500 (EST)
Received: from esdks003.ntc.nokia.com (esdks003.ntc.nokia.com [172.21.138.158])
	by mgw-x3.nokia.com (Switch-2.2.8/Switch-2.2.8) with ESMTP id iBA9t3j20553;
	Fri, 10 Dec 2004 11:55:04 +0200 (EET)
X-Scanned: Fri, 10 Dec 2004 11:50:10 +0200 Nokia Message Protector V1.3.31 2004060815 - RELEASE
Received: (from root@localhost)
	by esdks003.ntc.nokia.com (8.12.9/8.12.9) id iBA9oAN4013531;
	Fri, 10 Dec 2004 11:50:10 +0200
Received: from mgw-int2.ntc.nokia.com (172.21.143.97)
	by esdks003.ntc.nokia.com 00yqkhxI; Fri, 10 Dec 2004 11:50:09 EET
Received: from esebh003.NOE.Nokia.com (esebh003.ntc.nokia.com [172.21.138.82])
	by mgw-int2.ntc.nokia.com (Switch-2.2.8/Switch-2.2.8) with ESMTP id iBA9o4S26743;
	Fri, 10 Dec 2004 11:50:04 +0200 (EET)
Received: from [172.21.35.181] ([172.21.35.181]) by esebh003.NOE.Nokia.com with Microsoft SMTPSVC(5.0.2195.6881);
	 Fri, 10 Dec 2004 11:49:57 +0200
Message-ID: <41B97145.2020907@nokia.com>
Date: Fri, 10 Dec 2004 11:49:57 +0200
From: Miguel Garcia <Miguel.An.Garcia@nokia.com>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.2) Gecko/20040804 Netscape/7.2 (ax)
X-Accept-Language: en-us, en, es-es
MIME-Version: 1.0
To: MCarmen <emecbv@madrid.es.eu.ericsson.se>
Cc: AAA mailing list <aaa-wg@merit.edu>,
        Mari Carmen belinchon <maria.carmen.belinchon@ericsson.com>,
        Miguel-Angel Pallares <miguel-angel.pallares@ericsson.com>,
        "ext Carolina Canales (ML/EEM)" <carolina.canales@ericsson.com>,
        Pete McCann <mccap@lucent.com>,
        "Rajaniemi Jaakko (Nokia-NET/Espoo)" <jaakko.rajaniemi@nokia.com>,
        "Tammi Kalle (Nokia-NET/Tampere)" <kalle.tammi@nokia.com>
Subject: Re: [AAA-WG]: Diameter SIP app: issue 4
References: <41B2FD07.3060003@nokia.com> <41B96388.206@madrid.ericsson.se>
In-Reply-To: <41B96388.206@madrid.ericsson.se>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
X-OriginalArrivalTime: 10 Dec 2004 09:49:57.0588 (UTC) FILETIME=[9BA74940:01C4DE9D]
Sender: owner-aaa-wg@merit.edu
Precedence: bulk
Content-Transfer-Encoding: 7bit

3GPP has defined a profile, so that would be the first one.

Others will come in the future, when people start using the Diameter SIP 
application.

So far the assumption is that there is "THE" profile, and the contents 
are not discussed anywhere. But there is more than "THE" profile.

- Miguel

MCarmen wrote:

> Hi Miguel,
> 
>     What type of profiles do you have in mind?
> br,
> MCarmen
> 
> Miguel Garcia wrote:
> 
> 
>>Hi:
>>
>>I am trying to close open issues in the Diameter SIP application. As 
>>part of the process, I would like to initiate a discussion on the list 
>>of those issues for which I would like to get a sense of the 
>>consensus. Therefore, you will see a few of these posts in the next 
>>few days.
>>
>>Reminder:
>>
>>The list of open issues is stored at:
>>
>>http://danforsberg.info:8080/draft-ietf-aaa-diameter-sip/
>>
>>Now, I would like to discuss open issue #4, which is fully described at:
>>http://danforsberg.info:8080/draft-ietf-aaa-diameter-sip/issue4
>>
>>So please read it, try to understand it, and comment. My opinion is 
>>also listed in the open issues tracker, which is, we should provide a 
>>mechanism to indicate the type of user profile that the client or 
>>server understand, otherwise there might be incompatibilities. But 
>>certainly I don't like the IANA registration of this solution.
>>
>>Comments?
>>
>>/Miguel
>>
> 
> 

-- 
Miguel A. Garcia           tel:+358-50-4804586
Nokia Research Center      Helsinki, Finland


From owner-aaa-wg@merit.edu  Fri Dec 10 06:29:07 2004
Received: from trapdoor.merit.edu (trapdoor.merit.edu [198.108.1.26])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id GAA05476
	for <aaa-archive@lists.ietf.org>; Fri, 10 Dec 2004 06:29:06 -0500 (EST)
Received: by trapdoor.merit.edu (Postfix)
	id A37969124F; Fri, 10 Dec 2004 06:28:59 -0500 (EST)
Delivered-To: aaa-wg-outgoing@trapdoor.merit.edu
Received: by trapdoor.merit.edu (Postfix, from userid 56)
	id 5494E91250; Fri, 10 Dec 2004 06:28:59 -0500 (EST)
Delivered-To: aaa-wg@trapdoor.merit.edu
Received: from segue.merit.edu (segue.merit.edu [198.108.1.41])
	by trapdoor.merit.edu (Postfix) with ESMTP id 0DCE39124F
	for <aaa-wg@trapdoor.merit.edu>; Fri, 10 Dec 2004 06:28:58 -0500 (EST)
Received: by segue.merit.edu (Postfix)
	id ECF51585F4; Fri, 10 Dec 2004 06:28:57 -0500 (EST)
Delivered-To: aaa-wg@merit.edu
Received: from mgw-x2.nokia.com (mgw-x2.nokia.com [131.228.20.22])
	by segue.merit.edu (Postfix) with ESMTP id 2ABAF585BD
	for <aaa-wg@merit.edu>; Fri, 10 Dec 2004 06:28:57 -0500 (EST)
Received: from esdks001.ntc.nokia.com (esdks001.ntc.nokia.com [172.21.138.120])
	by mgw-x2.nokia.com (Switch-2.2.8/Switch-2.2.8) with ESMTP id iBABSnF21465;
	Fri, 10 Dec 2004 13:28:50 +0200 (EET)
X-Scanned: Fri, 10 Dec 2004 13:23:56 +0200 Nokia Message Protector V1.3.31 2004060815 - RELEASE
Received: (from root@localhost)
	by esdks001.ntc.nokia.com (8.12.9/8.12.9) id iBABNuPo002518;
	Fri, 10 Dec 2004 13:23:56 +0200
Received: from mgw-int1.ntc.nokia.com (172.21.143.96)
	by esdks001.ntc.nokia.com 004abOxv; Fri, 10 Dec 2004 13:23:53 EET
Received: from esebh002.NOE.Nokia.com (esebh002.ntc.nokia.com [172.21.138.77])
	by mgw-int1.ntc.nokia.com (Switch-2.2.8/Switch-2.2.8) with ESMTP id iBABJ8a01864;
	Fri, 10 Dec 2004 13:19:08 +0200 (EET)
Received: from [172.21.35.181] ([172.21.35.181]) by esebh002.NOE.Nokia.com with Microsoft SMTPSVC(5.0.2195.6881);
	 Fri, 10 Dec 2004 13:19:07 +0200
Message-ID: <41B9862B.2010605@nokia.com>
Date: Fri, 10 Dec 2004 13:19:07 +0200
From: Miguel Garcia <Miguel.An.Garcia@nokia.com>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.2) Gecko/20040804 Netscape/7.2 (ax)
X-Accept-Language: en-us, en, es-es
MIME-Version: 1.0
To: maria.carmen.belinchon@ericsson.com
Cc: AAA mailing list <aaa-wg@merit.edu>,
        "Miguel-Angel Pallares (ML/EEM)" <miguel-angel.pallares@ericsson.com>,
        "Carolina Canales (ML/EEM)" <carolina.canales@ericsson.com>,
        Pete McCann <mccap@lucent.com>,
        "Rajaniemi Jaakko (Nokia-NET/Espoo)" <jaakko.rajaniemi@nokia.com>,
        "Tammi Kalle (Nokia-NET/Tampere)" <kalle.tammi@nokia.com>
Subject: Re: [AAA-WG]: Diameter SIP app: issue 4
References: <1AB3D30B989BF141BBD5C70057B2EF7C0B5164AB@eestqnt105.es.eu.ericsson.se>
In-Reply-To: <1AB3D30B989BF141BBD5C70057B2EF7C0B5164AB@eestqnt105.es.eu.ericsson.se>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
X-OriginalArrivalTime: 10 Dec 2004 11:19:07.0682 (UTC) FILETIME=[108ED820:01C4DEAA]
Sender: owner-aaa-wg@merit.edu
Precedence: bulk
Content-Transfer-Encoding: 7bit

Inline...

maria.carmen.belinchon@ericsson.com wrote:

> Hhhmmmm, why do the Diameter entities need to know what type of profile is being transported? 

The Diameter entities need not know about the actual profile, but the 
application that is making usage of the profile must know the format of 
this profile.

> 
> Also, so far, in case of 3GPP, there is a different Application-Id, so the profile is implicitly identified.

That is not the case in Diameter SIP application. There is a single 
Application ID that is able to transport any kind of user profile from 
the server to the client.

A good protocol design rule is to add negotiation capabilities, so that 
you don't assume that there is only one type of "thing" (profile in our 
case), but you assume that there are several types, and the client and 
the server have to agree on one type.

I would like to adhere to this kind of design rule.

- Miguel

> 
> br,
> MCarmen
> 
> -----Original Message-----
> From: Miguel Garcia [mailto:Miguel.An.Garcia@nokia.com]
> Sent: viernes, 10 de diciembre de 2004 10:50
> To: MCarmen
> Cc: AAA mailing list; Maria Carmen Belinchon (ML/EEM); Miguel-Angel
> Pallares (ML/EEM); Carolina Canales (ML/EEM); Pete McCann; Rajaniemi
> Jaakko (Nokia-NET/Espoo); Tammi Kalle (Nokia-NET/Tampere)
> Subject: Re: [AAA-WG]: Diameter SIP app: issue 4
> 
> 
> 3GPP has defined a profile, so that would be the first one.
> 
> Others will come in the future, when people start using the Diameter SIP 
> application.
> 
> So far the assumption is that there is "THE" profile, and the contents 
> are not discussed anywhere. But there is more than "THE" profile.
> 
> - Miguel
> 
> MCarmen wrote:
> 
> 
>>Hi Miguel,
>>
>>    What type of profiles do you have in mind?
>>br,
>>MCarmen
>>
>>Miguel Garcia wrote:
>>
>>
>>
>>>Hi:
>>>
>>>I am trying to close open issues in the Diameter SIP application. As 
>>>part of the process, I would like to initiate a discussion on the list 
>>>of those issues for which I would like to get a sense of the 
>>>consensus. Therefore, you will see a few of these posts in the next 
>>>few days.
>>>
>>>Reminder:
>>>
>>>The list of open issues is stored at:
>>>
>>>http://danforsberg.info:8080/draft-ietf-aaa-diameter-sip/
>>>
>>>Now, I would like to discuss open issue #4, which is fully described at:
>>>http://danforsberg.info:8080/draft-ietf-aaa-diameter-sip/issue4
>>>
>>>So please read it, try to understand it, and comment. My opinion is 
>>>also listed in the open issues tracker, which is, we should provide a 
>>>mechanism to indicate the type of user profile that the client or 
>>>server understand, otherwise there might be incompatibilities. But 
>>>certainly I don't like the IANA registration of this solution.
>>>
>>>Comments?
>>>
>>>/Miguel
>>>
>>
>>
> 

-- 
Miguel A. Garcia           tel:+358-50-4804586
Nokia Research Center      Helsinki, Finland


From owner-aaa-wg@merit.edu  Sun Dec 12 08:23:01 2004
Received: from trapdoor.merit.edu (trapdoor.merit.edu [198.108.1.26])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA25796
	for <aaa-archive@lists.ietf.org>; Sun, 12 Dec 2004 08:23:01 -0500 (EST)
Received: by trapdoor.merit.edu (Postfix)
	id C7F109126E; Sun, 12 Dec 2004 08:22:54 -0500 (EST)
Delivered-To: aaa-wg-outgoing@trapdoor.merit.edu
Received: by trapdoor.merit.edu (Postfix, from userid 56)
	id 977D791272; Sun, 12 Dec 2004 08:22:54 -0500 (EST)
Delivered-To: aaa-wg@trapdoor.merit.edu
Received: from segue.merit.edu (segue.merit.edu [198.108.1.41])
	by trapdoor.merit.edu (Postfix) with ESMTP id 305619126E
	for <aaa-wg@trapdoor.merit.edu>; Sun, 12 Dec 2004 08:22:53 -0500 (EST)
Received: by segue.merit.edu (Postfix)
	id 05BC958AAF; Sun, 12 Dec 2004 08:22:53 -0500 (EST)
Delivered-To: aaa-wg@merit.edu
Received: from mgw-x1.nokia.com (mgw-x1.nokia.com [131.228.20.21])
	by segue.merit.edu (Postfix) with ESMTP id 4291058AA1
	for <aaa-wg@merit.edu>; Sun, 12 Dec 2004 08:22:52 -0500 (EST)
Received: from esdks004.ntc.nokia.com (esdks004.ntc.nokia.com [172.21.138.159])
	by mgw-x1.nokia.com (Switch-2.2.8/Switch-2.2.8) with ESMTP id iBCDMiv00409;
	Sun, 12 Dec 2004 15:22:45 +0200 (EET)
X-Scanned: Sun, 12 Dec 2004 15:19:59 +0200 Nokia Message Protector V1.3.31 2004060815 - RELEASE
Received: (from root@localhost)
	by esdks004.ntc.nokia.com (8.12.9/8.12.9) id iBCDJxcd027634;
	Sun, 12 Dec 2004 15:19:59 +0200
Received: from mgw-int1.ntc.nokia.com (172.21.143.96)
	by esdks004.ntc.nokia.com 002V6SyG; Sun, 12 Dec 2004 15:19:58 EET
Received: from esebh003.NOE.Nokia.com (esebh003.ntc.nokia.com [172.21.138.82])
	by mgw-int1.ntc.nokia.com (Switch-2.2.8/Switch-2.2.8) with ESMTP id iBCDJqa03205;
	Sun, 12 Dec 2004 15:19:52 +0200 (EET)
Received: from [172.21.35.181] ([172.21.35.181]) by esebh003.NOE.Nokia.com with Microsoft SMTPSVC(5.0.2195.6881);
	 Sun, 12 Dec 2004 15:19:52 +0200
Message-ID: <41BC4577.3030002@nokia.com>
Date: Sun, 12 Dec 2004 15:19:51 +0200
From: Miguel Garcia <Miguel.An.Garcia@nokia.com>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.2) Gecko/20040804 Netscape/7.2 (ax)
X-Accept-Language: en-us, en, es-es
MIME-Version: 1.0
To: Miguel Garcia <Miguel.An.Garcia@nokia.com>
Cc: maria.carmen.belinchon@ericsson.com, AAA mailing list <aaa-wg@merit.edu>,
        "Miguel-Angel Pallares (ML/EEM)" <miguel-angel.pallares@ericsson.com>,
        "Carolina Canales (ML/EEM)" <carolina.canales@ericsson.com>,
        Pete McCann <mccap@lucent.com>,
        "Rajaniemi Jaakko (Nokia-NET/Espoo)" <jaakko.rajaniemi@nokia.com>,
        "Tammi Kalle (Nokia-NET/Tampere)" <kalle.tammi@nokia.com>
Subject: Re: [AAA-WG]: Diameter SIP app: issue 4
References: <1AB3D30B989BF141BBD5C70057B2EF7C0B5164AB@eestqnt105.es.eu.ericsson.se> <41B9862B.2010605@nokia.com>
In-Reply-To: <41B9862B.2010605@nokia.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
X-OriginalArrivalTime: 12 Dec 2004 13:19:52.0021 (UTC) FILETIME=[4358C050:01C4E04D]
Sender: owner-aaa-wg@merit.edu
Precedence: bulk
Content-Transfer-Encoding: 7bit

I have now included the "type of user profile selector" in the draft, 
and I have closed issue 4.

The summary of the changes is:

This version of the draft provides support to identify the type of
user data included in the SIP-User-Data AVP (this can contain a
user profile).  The following changes have been made:

       *  Added a new SIP-Supported-User-Data-Type AVP.
       *  The old SIP-User-Data AVP is now a grouped AVP that contains
          two AVPs: SIP-User-Data-Type and SIP-User-Data-Contents.
       *  Added a new SIP-User-Data-Type AVP.
       *  Added a new SIP-User-Data-Contents (that contains the profile).
          This is equivalent to the old SIP-User-Data AVP.
       *  All the above AVPs are visible in SAR, SAA, and PPR commands.
       *  The new SIP-User-Data and SIP-Supported-User-Data-Type allow
          repetition (a server could potentially send more than one
          profile; a client can express support for more than one type of
          profile).

A preliminary working copy version of the draft is available at:

http://people.nokia.net/~miguel/drafts/pre/draft-ietf-aaa-diameter-sip-app-05.txt
or in HTML:
http://people.nokia.net/~miguel/drafts/pre/draft-ietf-aaa-diameter-sip-app-05.html

A diff version with respect to version -04 is also available:

http://people.nokia.net/~miguel/drafts/pre/draft-ietf-aaa-diameter-sip-app-04-to-05.html

I will submit version -05 sometime before December 18, and at that time 
I will consider the draft ready for IESG submission.

It would be good if you folks can take a look at the working version I 
pointed to above... If there are comments, I can easily introduce them 
before I submit the official version -05.

Regards,

            Miguel


Miguel Garcia wrote:
> Inline...
> 
> maria.carmen.belinchon@ericsson.com wrote:
> 
>> Hhhmmmm, why do the Diameter entities need to know what type of 
>> profile is being transported? 
> 
> 
> The Diameter entities need not know about the actual profile, but the 
> application that is making use of the profile must know the format of 
> this profile.
> 
>>
>> Also, so far, in case of 3GPP, there is a different Application-Id, so 
>> the profile is implicitly identified.
> 
> 
> That is not the case in the Diameter SIP application. There is a single 
> Application ID that is able to transport any kind of user profile from 
> the server to the client.
> 
> A good protocol design rule is to add negotiation capabilities, so that 
> you don't assume that there is only one type of "thing" (profile in our 
> case), but you assume that there are several types, and the client and 
> the server have to agree on one type.
> 
> I would like to adhere to this kind of design rule.
> 
> - Miguel
> 
>>
>> br,
>> MCarmen
>>
>> -----Original Message-----
>> From: Miguel Garcia [mailto:Miguel.An.Garcia@nokia.com]
>> Sent: viernes, 10 de diciembre de 2004 10:50
>> To: MCarmen
>> Cc: AAA mailing list; Maria Carmen Belinchon (ML/EEM); Miguel-Angel
>> Pallares (ML/EEM); Carolina Canales (ML/EEM); Pete McCann; Rajaniemi
>> Jaakko (Nokia-NET/Espoo); Tammi Kalle (Nokia-NET/Tampere)
>> Subject: Re: [AAA-WG]: Diameter SIP app: issue 4
>>
>>
>> 3GPP has defined a profile, so that would be the first one.
>>
>> Others will come in the future, when people start using the Diameter 
>> SIP application.
>>
>> So far the assumption is that there is "THE" profile, and the contents 
>> are not discussed anywhere. But there is more than "THE" profile.
>>
>> - Miguel
>>
>> MCarmen wrote:
>>
>>
>>> Hi Miguel,
>>>
>>>    What type of profiles do you have in mind?
>>> br,
>>> MCarmen
>>>
>>> Miguel Garcia wrote:
>>>
>>>
>>>
>>>> Hi:
>>>>
>>>> I am trying to close open issues in the Diameter SIP application. As 
>>>> part of the process, I would like to initiate a discussion on the 
>>>> list of those issues for which I would like to get a sense of the 
>>>> consensus. Therefore, you will see a few of these posts in the next 
>>>> few days.
>>>>
>>>> Reminder:
>>>>
>>>> The list of open issues is stored at:
>>>>
>>>> http://danforsberg.info:8080/draft-ietf-aaa-diameter-sip/
>>>>
>>>> Now, I would like to discuss open issue #4, which is fully described 
>>>> at:
>>>> http://danforsberg.info:8080/draft-ietf-aaa-diameter-sip/issue4
>>>>
>>>> So please read it, try to understand it, and comment. My opinion is 
>>>> also listed in the open issues tracker, which is, we should provide 
>>>> a mechanism to indicate the type of user profile that the client or 
>>>> server understand, otherwise there might be incompatibilities. But 
>>>> certainly I don't like the IANA registration of this solution.
>>>>
>>>> Comments?
>>>>
>>>> /Miguel
>>>>
>>>
>>>
>>
> 

-- 
Miguel A. Garcia           tel:+358-50-4804586
Nokia Research Center      Helsinki, Finland


From owner-aaa-wg@merit.edu  Mon Dec 13 03:19:22 2004
Received: from trapdoor.merit.edu (trapdoor.merit.edu [198.108.1.26])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id DAA09048
	for <aaa-archive@lists.ietf.org>; Mon, 13 Dec 2004 03:19:21 -0500 (EST)
Received: by trapdoor.merit.edu (Postfix)
	id 5A5A991207; Mon, 13 Dec 2004 03:19:14 -0500 (EST)
Delivered-To: aaa-wg-outgoing@trapdoor.merit.edu
Received: by trapdoor.merit.edu (Postfix, from userid 56)
	id 05C069120D; Mon, 13 Dec 2004 03:19:13 -0500 (EST)
Delivered-To: aaa-wg@trapdoor.merit.edu
Received: from segue.merit.edu (segue.merit.edu [198.108.1.41])
	by trapdoor.merit.edu (Postfix) with ESMTP id 5163C91207
	for <aaa-wg@trapdoor.merit.edu>; Mon, 13 Dec 2004 03:19:11 -0500 (EST)
Received: by segue.merit.edu (Postfix)
	id CA00558ADB; Mon, 13 Dec 2004 03:19:11 -0500 (EST)
Delivered-To: aaa-wg@merit.edu
Received: from p130.piuha.net (unknown [193.234.218.130])
	by segue.merit.edu (Postfix) with ESMTP id 3F39958A39
	for <aaa-wg@merit.edu>; Mon, 13 Dec 2004 03:19:11 -0500 (EST)
Received: from kolumbus.fi (p130.piuha.net [193.234.218.130])
	by p130.piuha.net (Postfix) with ESMTP id 94AA089892;
	Mon, 13 Dec 2004 10:19:09 +0200 (EET)
Message-ID: <41BD5070.7000208@kolumbus.fi>
Date: Mon, 13 Dec 2004 10:18:56 +0200
From: Jari Arkko <jari.arkko@kolumbus.fi>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7b) Gecko/20040316
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Miguel Garcia <Miguel.An.Garcia@nokia.com>
Cc: maria.carmen.belinchon@ericsson.com, AAA mailing list <aaa-wg@merit.edu>,
        "Miguel-Angel Pallares (ML/EEM)" <miguel-angel.pallares@ericsson.com>,
        "Carolina Canales (ML/EEM)" <carolina.canales@ericsson.com>,
        Pete McCann <mccap@lucent.com>,
        "Rajaniemi Jaakko (Nokia-NET/Espoo)" <jaakko.rajaniemi@nokia.com>,
        "Tammi Kalle (Nokia-NET/Tampere)" <kalle.tammi@nokia.com>
Subject: Re: [AAA-WG]: Diameter SIP app: issue 4
References: <1AB3D30B989BF141BBD5C70057B2EF7C0B5164AB@eestqnt105.es.eu.ericsson.se> <41B9862B.2010605@nokia.com> <41BC4577.3030002@nokia.com>
In-Reply-To: <41BC4577.3030002@nokia.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-aaa-wg@merit.edu
Precedence: bulk
Content-Transfer-Encoding: 7bit

Hi Miguel,

> I have now included the "type of user profile selector" in the draft, 
> and I have closed issue 4.
> 
> The summary of the changes is:
> 
> This version of the draft provides support to identify the type of
> user data included in the SIP-User-Data AVP (this can contain a
> user profile).  The following changes have been made:
> 
>       *  Added a new SIP-Supported-User-Data-Type AVP.
>       *  The old SIP-User-Data AVP is now a grouped AVP that contains
>          two AVPs: SIP-User-Data-Type and SIP-User-Data-Contents.
>       *  Added a new SIP-User-Data-Type AVP.
>       *  Added a new SIP-User-Data-Contents (that contains the profile).
>          This is equivalent to the old SIP-User-Data AVP.
>       *  All the above AVPs are visible in SAR, SAA, and PPR commands.
>       *  The new SIP-User-Data and SIP-Supported-User-Data-Type allow
>          repetition (a server could potentially send more than one
>          profile; a client can express support for more than one type of
>          profile).

I read the changed parts, and the above resolution looks
good.

--Jari


From owner-aaa-wg@merit.edu  Tue Dec 14 07:27:40 2004
Received: from trapdoor.merit.edu (trapdoor.merit.edu [198.108.1.26])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id HAA19300
	for <aaa-archive@lists.ietf.org>; Tue, 14 Dec 2004 07:27:40 -0500 (EST)
Received: by trapdoor.merit.edu (Postfix)
	id 81BF79122E; Tue, 14 Dec 2004 07:27:28 -0500 (EST)
Delivered-To: aaa-wg-outgoing@trapdoor.merit.edu
Received: by trapdoor.merit.edu (Postfix, from userid 56)
	id 578D4912B9; Tue, 14 Dec 2004 07:27:28 -0500 (EST)
Delivered-To: aaa-wg@trapdoor.merit.edu
Received: from segue.merit.edu (segue.merit.edu [198.108.1.41])
	by trapdoor.merit.edu (Postfix) with ESMTP id A35A09122E
	for <aaa-wg@trapdoor.merit.edu>; Tue, 14 Dec 2004 07:27:26 -0500 (EST)
Received: by segue.merit.edu (Postfix)
	id 8F66558774; Tue, 14 Dec 2004 07:27:26 -0500 (EST)
Delivered-To: aaa-wg@merit.edu
Received: from mgw-x2.nokia.com (mgw-x2.nokia.com [131.228.20.22])
	by segue.merit.edu (Postfix) with ESMTP id 8A1D95876F
	for <aaa-wg@merit.edu>; Tue, 14 Dec 2004 07:27:25 -0500 (EST)
Received: from esdks003.ntc.nokia.com (esdks003.ntc.nokia.com [172.21.138.158])
	by mgw-x2.nokia.com (Switch-2.2.8/Switch-2.2.8) with ESMTP id iBECRNr26141
	for <aaa-wg@merit.edu>; Tue, 14 Dec 2004 14:27:24 +0200 (EET)
X-Scanned: Tue, 14 Dec 2004 14:23:19 +0200 Nokia Message Protector V1.3.31 2004060815 - RELEASE
Received: (from root@localhost)
	by esdks003.ntc.nokia.com (8.12.9/8.12.9) id iBECNJhm009352
	for <aaa-wg@merit.edu>; Tue, 14 Dec 2004 14:23:19 +0200
Received: from mgw-int1.ntc.nokia.com (172.21.143.96)
	by esdks003.ntc.nokia.com 00Xw1Ux0; Tue, 14 Dec 2004 14:23:18 EET
Received: from esebh001.NOE.Nokia.com (esebh001.ntc.nokia.com [172.21.138.28])
	by mgw-int1.ntc.nokia.com (Switch-2.2.8/Switch-2.2.8) with ESMTP id iBECNAD25264
	for <aaa-wg@merit.edu>; Tue, 14 Dec 2004 14:23:10 +0200 (EET)
Received: from esebe018.NOE.Nokia.com ([172.21.138.57]) by esebh001.NOE.Nokia.com with Microsoft SMTPSVC(5.0.2195.6881);
	 Tue, 14 Dec 2004 14:23:07 +0200
Received: from esebe054.NOE.Nokia.com ([172.21.143.44]) by esebe018.NOE.Nokia.com with Microsoft SMTPSVC(5.0.2195.6881);
	 Tue, 14 Dec 2004 14:23:05 +0200
X-MimeOLE: Produced By Microsoft Exchange V6.0.6603.0
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Subject: [AAA-WG]: Issue: Error in Radius VSA to Diameter Vendor AVP conversion in NASREQ
Date: Tue, 14 Dec 2004 14:23:04 +0200
Message-ID: <78577AECEB6226409F9F4BFB53FE183708F7F1@esebe054.ntc.nokia.com>
Thread-Topic: Issue: Error in Radius VSA to Diameter Vendor AVP conversion in NASREQ
Thread-Index: AcTh16lfOSYO4m+vSlmEHf0W5VZDIw==
From: <mikko.aittola@nokia.com>
To: <aaa-wg@merit.edu>
X-OriginalArrivalTime: 14 Dec 2004 12:23:05.0296 (UTC) FILETIME=[A99B4500:01C4E1D7]
Sender: owner-aaa-wg@merit.edu
Precedence: bulk
Content-Transfer-Encoding: quoted-printable

Issue TBD: Error in Radius VSA to Diameter Vendor AVP conversion in NASREQ
Submitter name: Mikko Aittola
Submitter email address: mikko.aittola@nokia.com
Date first submitted: 14.12.2004
Reference:
Document: nasreq
Comment type: T
Priority:
Section: 9.6.2
Rationale/Explanation of issue:

According to Section 9.6.2 in NASREQ, the Diameter AVP length field includes
padding. According to RFC 3588, the AVP length field does not include
padding.

Text from NASREQ:
> 9.6.2.  Forwarding a RADIUS VSA to a Diameter Vendor AVP
>
>
>   The Diameter AVP will consist of the following fields;
>      Diameter Flags: V=1, M=0, P=0
>      Diameter Vendor code = RADIUS VSA Vendor code
>      Diameter AVP code = RADIUS VSA Vendor type code
>      Diameter AVP length = length of AVP (header + data + padding)
>      Diameter Data = RADIUS VSA vendor data


Requested change:
      Diameter AVP length = length of AVP (header + data)


BR,
Mikko
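
Added example (not from the issue report, NASREQ or RFC 3588): a Python encoder and decoder for the RADIUS VSA to Diameter vendor AVP conversion, showing what the two AVP Length definitions do to the vendor data a Diameter peer decodes. The RADIUS VSA bytes, vendor id 9 and vendor type 1 are constructed sample values; the `length_includes_padding` switch is only there to reproduce the draft's erroneous rule side by side with the RFC 3588 one.

```python
import struct

# RFC 3588 AVP flag bits
AVP_FLAG_V = 0x80  # Vendor-Specific
AVP_FLAG_M = 0x40  # Mandatory
AVP_FLAG_P = 0x20  # Protected
# AVP Code (4) + Flags (1) + AVP Length (3) + Vendor-ID (4)
VENDOR_AVP_HEADER_LEN = 12
RADIUS_TYPE_VENDOR_SPECIFIC = 26


def parse_radius_vsa(attr: bytes):
    """Parse one RADIUS Vendor-Specific attribute (RFC 2865, section 5.26)
    in the common single-sub-attribute layout:
    Type(26) | Length | Vendor-Id(4) | Vendor-type | Vendor-length | data.
    Returns (vendor_id, vendor_type, vendor_data)."""
    if len(attr) < 8 or attr[0] != RADIUS_TYPE_VENDOR_SPECIFIC:
        raise ValueError("not a Vendor-Specific attribute")
    length = attr[1]
    if length != len(attr):
        raise ValueError("RADIUS attribute Length does not match the bytes given")
    vendor_id = struct.unpack("!I", attr[2:6])[0]
    vendor_type, vendor_length = attr[6], attr[7]
    # the sub-attribute covers everything after the 4-byte Vendor-Id
    if vendor_length != length - 6:
        raise ValueError("vendor sub-attribute length mismatch")
    return vendor_id, vendor_type, attr[8:length]


def vsa_to_diameter_avp(vendor_id: int, vendor_type: int, data: bytes,
                        length_includes_padding: bool = False) -> bytes:
    """Build the Diameter vendor AVP that NASREQ 9.6.2 describes:
    V=1, M=0, P=0, Vendor-ID = RADIUS vendor code, AVP Code = vendor type,
    Data = vendor data, zero-padded to a 4-byte boundary.
    RFC 3588 defines AVP Length as header + data, padding excluded
    (the default); length_includes_padding=True reproduces the draft's
    erroneous "header + data + padding" rule for comparison."""
    pad = (-len(data)) % 4
    avp_length = VENDOR_AVP_HEADER_LEN + len(data)
    if length_includes_padding:
        avp_length += pad
    flags = AVP_FLAG_V  # M and P clear, as the NASREQ text requires
    header = (struct.pack("!IB", vendor_type, flags)
              + avp_length.to_bytes(3, "big")
              + struct.pack("!I", vendor_id))
    return header + data + b"\x00" * pad


def parse_diameter_avp(buf: bytes):
    """Parse one AVP per RFC 3588 and return
    (code, flags, vendor_id, data, bytes_consumed); vendor_id is None when V=0.
    The parser trusts AVP Length for the data boundary, as any receiver must,
    so a sender that counts padding into it silently hands over extra zero bytes."""
    if len(buf) < 8:
        raise ValueError("truncated AVP header")
    code, flags = struct.unpack("!IB", buf[:5])
    avp_length = int.from_bytes(buf[5:8], "big")
    header_len = VENDOR_AVP_HEADER_LEN if flags & AVP_FLAG_V else 8
    if avp_length < header_len:
        raise ValueError("AVP Length smaller than its header")
    # the next AVP starts on the 4-byte boundary after AVP Length bytes
    consumed = avp_length + (-avp_length) % 4
    if len(buf) < consumed:
        raise ValueError("truncated AVP")
    vendor_id = None
    if flags & AVP_FLAG_V:
        vendor_id = struct.unpack("!I", buf[8:12])[0]
    return code, flags, vendor_id, buf[header_len:avp_length], consumed


def convert_and_decode(vsa: bytes, length_includes_padding: bool = False) -> bytes:
    """RADIUS VSA -> Diameter AVP -> vendor data as a Diameter peer sees it."""
    vendor_id, vendor_type, data = parse_radius_vsa(vsa)
    avp = vsa_to_diameter_avp(vendor_id, vendor_type, data, length_includes_padding)
    return parse_diameter_avp(avp)[3]


if __name__ == "__main__":
    # constructed sample: vendor id 9, vendor type 1, 5-byte vendor data "hello"
    sample_vsa = (bytes([RADIUS_TYPE_VENDOR_SPECIFIC, 13]) + struct.pack("!I", 9)
                  + bytes([1, 7]) + b"hello")
    print("RFC 3588 length rule :", convert_and_decode(sample_vsa))
    print("draft's padded rule  :", convert_and_decode(sample_vsa, True))
    # with data already a multiple of 4 the two rules agree, so the error
    # does not show up in tests that only use 4-byte-aligned values
    aligned_vsa = (bytes([RADIUS_TYPE_VENDOR_SPECIFIC, 12]) + struct.pack("!I", 9)
                   + bytes([1, 6]) + b"abcd")
    print("aligned data agree   :",
          convert_and_decode(aligned_vsa) == convert_and_decode(aligned_vsa, True))
```

Both encodings occupy the same 20 bytes on the wire for the 5-byte sample, so the frame parses cleanly either way; the difference only appears as three trailing NUL bytes in the decoded vendor data.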


From owner-aaa-wg@merit.edu  Tue Dec 14 15:10:00 2004
Received: from trapdoor.merit.edu (trapdoor.merit.edu [198.108.1.26])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA12313
	for <aaa-archive@lists.ietf.org>; Tue, 14 Dec 2004 15:10:00 -0500 (EST)
Received: by trapdoor.merit.edu (Postfix)
	id 068A49123F; Tue, 14 Dec 2004 15:09:53 -0500 (EST)
Delivered-To: aaa-wg-outgoing@trapdoor.merit.edu
Received: by trapdoor.merit.edu (Postfix, from userid 56)
	id C43F491247; Tue, 14 Dec 2004 15:09:52 -0500 (EST)
Delivered-To: aaa-wg@trapdoor.merit.edu
Received: from segue.merit.edu (segue.merit.edu [198.108.1.41])
	by trapdoor.merit.edu (Postfix) with ESMTP id AE1579123F
	for <aaa-wg@trapdoor.merit.edu>; Tue, 14 Dec 2004 15:09:51 -0500 (EST)
Received: by segue.merit.edu (Postfix)
	id 9550059631; Tue, 14 Dec 2004 15:09:51 -0500 (EST)
Delivered-To: aaa-wg@merit.edu
Received: from ws6-3.us4.outblaze.com (ws6-3.us4.outblaze.com [205.158.62.199])
	by segue.merit.edu (Postfix) with ESMTP id 4E464595B9
	for <aaa-wg@merit.edu>; Tue, 14 Dec 2004 15:09:51 -0500 (EST)
Received: by ws6-3.us4.outblaze.com (Postfix, from userid 1001)
	id 9F1E02F91F; Tue, 14 Dec 2004 20:09:50 +0000 (GMT)
Content-Type: text/plain; charset="iso-8859-1"
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Received: from [216.162.240.129] by ws6-3.us4.outblaze.com with http for
    david@mitton.com; Tue, 14 Dec 2004 15:09:50 -0500
From: "David Mitton" <david@mitton.com>
To: mikko.aittola@nokia.com, aaa-wg@merit.edu
Date: Tue, 14 Dec 2004 15:09:50 -0500
Subject: Re: [AAA-WG]: Issue: Error in Radius VSA to Diameter Vendor AVP
    conversion in NASREQ
X-Originating-Ip: 216.162.240.129
X-Originating-Server: ws6-3.us4.outblaze.com
Message-Id: <20041214200950.9F1E02F91F@ws6-3.us4.outblaze.com>
Sender: owner-aaa-wg@merit.edu
Precedence: bulk
Content-Transfer-Encoding: quoted-printable

Yes, that was noted by Glen Zorn recently.
I will fix it when it pops up on the RFC Editor's queue.

Dave.
----- Original Message -----
From: mikko.aittola@nokia.com
To: aaa-wg@merit.edu
Subject: [AAA-WG]: Issue: Error in Radius VSA to Diameter Vendor AVP conversion in NASREQ
Date: Tue, 14 Dec 2004 14:23:04 +0200

> 
> Issue TBD: Error in Radius VSA to Diameter Vendor AVP conversion in NASREQ
> Submitter name: Mikko Aittola
> Submitter email address: mikko.aittola@nokia.com
> Date first submitted: 14.12.2004
> Reference:
> Document: nasreq
> Comment type: T
> Priority:
> Section: 9.6.2
> Rationale/Explanation of issue:
> 
> According to Section 9.6.2 in NASREQ, the Diameter AVP length field includes
> padding. According to RFC 3588, the AVP length field does not include
> padding.
> 
> Text from NASREQ:
> > 9.6.2.  Forwarding a RADIUS VSA to a Diameter Vendor AVP
> >
> >
> >   The Diameter AVP will consist of the following fields;
> >      Diameter Flags: V=1, M=0, P=0
> >      Diameter Vendor code = RADIUS VSA Vendor code
> >      Diameter AVP code = RADIUS VSA Vendor type code
> >      Diameter AVP length = length of AVP (header + data + padding)
> >      Diameter Data = RADIUS VSA vendor data
> 
> 
> Requested change:
>        Diameter AVP length = length of AVP (header + data)
> 
> 
> BR,
> Mikko



From owner-aaa-wg@merit.edu  Fri Dec 17 03:02:21 2004
Received: from trapdoor.merit.edu (trapdoor.merit.edu [198.108.1.26])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id DAA20948
	for <aaa-archive@lists.ietf.org>; Fri, 17 Dec 2004 03:02:21 -0500 (EST)
Received: by trapdoor.merit.edu (Postfix)
	id 0DF7491262; Fri, 17 Dec 2004 03:01:43 -0500 (EST)
Delivered-To: aaa-wg-outgoing@trapdoor.merit.edu
Received: by trapdoor.merit.edu (Postfix, from userid 56)
	id C789791263; Fri, 17 Dec 2004 03:01:42 -0500 (EST)
Delivered-To: aaa-wg@trapdoor.merit.edu
Received: from segue.merit.edu (segue.merit.edu [198.108.1.41])
	by trapdoor.merit.edu (Postfix) with ESMTP id B184291262
	for <aaa-wg@trapdoor.merit.edu>; Fri, 17 Dec 2004 03:01:41 -0500 (EST)
Received: by segue.merit.edu (Postfix)
	id 5299F5886F; Fri, 17 Dec 2004 03:01:41 -0500 (EST)
Delivered-To: aaa-wg@merit.edu
Received: from mgw-x2.nokia.com (mgw-x2.nokia.com [131.228.20.22])
	by segue.merit.edu (Postfix) with ESMTP id 93E2D5883B
	for <aaa-wg@merit.edu>; Fri, 17 Dec 2004 03:01:34 -0500 (EST)
Received: from esdks004.ntc.nokia.com (esdks004.ntc.nokia.com [172.21.138.159])
	by mgw-x2.nokia.com (Switch-2.2.8/Switch-2.2.8) with ESMTP id iBH81Hr04910;
	Fri, 17 Dec 2004 10:01:18 +0200 (EET)
X-Scanned: Fri, 17 Dec 2004 09:51:55 +0200 Nokia Message Protector V1.3.31 2004060815 - RELEASE
Received: (from root@localhost)
	by esdks004.ntc.nokia.com (8.12.9/8.12.9) id iBH7ptlw031092;
	Fri, 17 Dec 2004 09:51:55 +0200
Received: from mgw-int1.ntc.nokia.com (172.21.143.96)
	by esdks004.ntc.nokia.com 00E6UYBD; Fri, 17 Dec 2004 09:51:35 EET
Received: from esebh001.NOE.Nokia.com (esebh001.ntc.nokia.com [172.21.138.28])
	by mgw-int1.ntc.nokia.com (Switch-2.2.8/Switch-2.2.8) with ESMTP id iBH7pRD08101;
	Fri, 17 Dec 2004 09:51:27 +0200 (EET)
Received: from [172.21.94.120] ([172.21.94.120]) by esebh001.NOE.Nokia.com with Microsoft SMTPSVC(5.0.2195.6881);
	 Fri, 17 Dec 2004 09:51:02 +0200
Message-ID: <41C28FE5.3000808@nokia.com>
Date: Fri, 17 Dec 2004 09:51:01 +0200
From: Miguel Garcia <Miguel.An.Garcia@nokia.com>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.2) Gecko/20040804 Netscape/7.2 (ax)
X-Accept-Language: en-us, en, es-es
MIME-Version: 1.0
To: AAA mailing list <aaa-wg@merit.edu>
Cc: AAA Chair <aboba@internaut.com>, John Loughney <john.loughney@nokia.com>,
        Mari Carmen belinchon <maria.carmen.belinchon@ericsson.com>,
        Miguel-Angel Pallares <miguel-angel.pallares@ericsson.com>,
        "ext Carolina Canales (ML/EEM)" <carolina.canales@ericsson.com>,
        Pete McCann <mccap@lucent.com>,
        Rajaniemi Jaakko Matti <jaakko.rajaniemi@nokia.com>,
        Tammi Kalle Tapani <kalle.tammi@nokia.com>
Subject: [AAA-WG]: Diameter SIP app -05 released
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
X-OriginalArrivalTime: 17 Dec 2004 07:51:02.0675 (UTC) FILETIME=[27CE3630:01C4E40D]
Sender: owner-aaa-wg@merit.edu
Precedence: bulk
Content-Transfer-Encoding: 7bit

Hi:

I have just submitted version -05 of the Diameter SIP application.

While I expect this document to be published shortly, you can download a 
copy from the following URL:

http://people.nokia.net/~miguel/drafts/draft-ietf-aaa-diameter-sip-app-05.txt

A diff version with respect to -04 is also available at:

http://people.nokia.net/~miguel/drafts/draft-ietf-aaa-diameter-sip-app-04-to-05.html

Version -05 incorporates all the comments I have received so far, 
including the WGLC comments. To my knowledge, the draft is now ready to 
be submitted to the IESG for IETF LC.

Best regards,

           Miguel
-- 
Miguel A. Garcia           tel:+358-50-4804586
Nokia Research Center      Helsinki, Finland

