Protocol for carrying Authentication for Network Access (PANA) WG meeting minutes from IETF73 Meeting held on: THURSDAY, November 20, 2008 Chairs: Basavaraj Patil (basavaraj.patil at nokia.com) and Alper Yegin (alper.yegin at yegin.org) Meeting notes provided by: Alper Yegin and Victor Fajardo ----------------------------------------------------------------- 1. Document status: - State machine completed WG LC. Alper/Raj will review the document, and ask someone else as well. After one more revision we shall send it to IESG. - Pre-auth I-D is revised. The recommendation is to go to WG LC. - There is one new WG documet: PANA over DSL. It was accepted after a consensus call, and is now published as a WG document. It is in fairly reasonable state. Plan is to progress this I-D towards an Informational RFC. Another doc considered for WG document is pana-pemk. ----------------------------- 2. MIB, V. Fajardo I-D: draft-fajardo-pana-pana-mib-00 - Basic structure taken from opendiameter/pana. Created pana root. Broke it down to 3 parts. Everything is straight forward, common knowledge. Raj: let's get it reviewed by Glenn Keeni. It'd be good to get his feedback. Victor: do we proceed it as WG document? Raj: yes. ----------------------------- 3. State machine, V. Fajardo I-D: draft-ietf-pana-statemachine-07 Nothing much, just updated. Raj: WG LC completed. ----------------------------- 4. Pre-auth, R. Patil - Updated references only. Ready for WG LC now. - It needs some word smithing, editing. That's all. - Lionel: draft is still talking about PSR. - Raj: good catch. Will request Yoshi to revise the I-D. ---------------------------- 5. PANA over DSL, L. Morand I-D: draft-ietf-pana-panaoverdsl-00.txt - First version of the document as a wg document. - Added ipv6 example. - We had some text describing impacts on DSL entities. We needed for all the different use cases. Using ipv6 link-local address. - There is no issue for ipv6 case. - We have some discussion about unspecified ip address. - First one is paa discovery mechanism. - Call flows are based on broadcasting pci. - If you want to perform dhcpbased discpovery, you may use dhcp inform message. - It seems like use of unspecified ip address with dhcp inform is not allowed. - Second issue is related. Instead of using dhcp inform, we can use dhcpdiscover to trigger pana auth. We may have some pro problems though. There may be several dhcp discovers. You need to have some specific handling in BRAS. You may also have some interaction between dhcp process and pana process. - Alper: DHC WG discussing dhcpinform. Let's wait for their guidance. - On second issue. Alper does not have a preference. We can use dhcpdiscover and put some additional requirements on BRAS, like storing the last dhcpdiscover. it is up to other people to opine. - Get the doc reviewd by external people. - Raj: We'll try to find people to review this docment and give fedback.. ---------------------------------------- 6. pemk, a. yegin I-D: draft-ohba-pana-pemk-02 Document is spin-off from the original PANA base spec * Main subject: define a PANA client generating a master key (PaC-EP Master Key) * Use for lower layer chipering * Draft desribes how to derive key name, key scope, context and lifetime * Changes from 01 - key name definition - updated references * Next steps - accept this draft as a WG document - revise draft pana-ipsec to use PMEK as the IKE pre-shared key Raj : Put this question to the mailing list and see if this should be a WG document Lionel : We revise pana ipsec assuming the draft gets accepted Raj : pana ipsec is good to complete and seek volunteers. ---------------------------------------- 7. pana-ipsec I-D lionel: we have volnteered to revise pana-ipsec. we need to update it based on this draft. But pana-ipsec is left out of scope. Raj: given that we put lot of effort into this draft, we shall complete it. ---------------------------------------- 8. Next steps Update the state machine id Expect a review feedback from us. Lionel already identified an issue with pre-auth. We'll go ahead and do a LC on pemk draft. Are you still willing to work on ipsec id? Lionel: yes. Jari: I don't want you to be generating documents. Is everything on tha list important? Raj: ipsec is worthwile completing if we can find a volunteer. We are only progressing documents. we may not need to meet next ietf. State machine needs to progress. Also finish pre-auth. Jari: if the pemk does not require iana allocation, it can go ahead as individual submission. Raj: three docs are priority to complete. IPsec is not high priority. dsl is high priority. Raj: Two high priority, two not so high priority documents. Jari: DSL document will take a while. We shall not keep that alive too long either, it shall be submitted. Do those two, close the WG, submit the others if there is interest. Raj: There is also mib document. We'll need to get some mib expert to review it. Jari: We have ietf-mib doctors.