Meeting's minutes
IPSRA Meeting minutes
---------------------
Meeting date : 7-Aug-2001
Meeting led by Paul Hoffman.
Paul opened the meeting; the whole session will be devoted to PIC discussion.
Marcus gave a short clarification on the IKE position statement: PIC is not
excluded, but should be run on a port other than 500, and PIC
implementations should not share code with IKE implementations on the same
box.
Hugo gave a presentation of PIC.
Questions:
William Dixon (MS): Is PIC going to support Tero's revised hash?
Hugo: The problem that the revised hash is solving doesn't appear in PIC.
William: Stateless DOS prevention - since there is no DH computation in the
first two messages
Hugo: We don't plan - DOS protection was not part of the requirement.
William: Will you include certificate request? The problem is that it might
create UDP fragmentation, which from our experience caused problems in IKE
implementation: Try to avoid fragmentation. The certificate request
shouldn't be long, but the PKCS#12 might include a long certificate chain.
William: Proposal - add wording saying that messages are not longer than
1500 bytes. If you can avoid fragmentation - then avoid it.
William: What about CMC support?
Hugo: No
Scott (Cisco): Another server increases complexity of the network and
architecture.
Hugo: A separate AS is optional.
Scott: That is an RA or an embedded CA
Hugo: This architecture is actually the only one possible within the
boundaries of the charter.
Scott: Shouldn't this protocol be moved to PKIX since it is an enrollment
protocol?
Hugo: Enrolment protocols are over functional in some aspects, and under
functional in other aspects for PIC, and they are too complex for the
purpose.
Andrew (Alcatel): Lesson from IKE: don't allow arbitrary payloads and
arbitrary lengths.
Question: Have you implemented PIC? What are the CPU requirements of PIC?
Hugo: No. There are some performance issues. But human authentication should
be rare.
Q: So this is a simplified CA, with CA authentication being EAP
Hugo: Right.
End of PIC discussion, beginning of general discussion.
Marcus: Who has implemented the DHCP draft?
Scott (RedCreek): RedCreek + I know there is one other implementation - but
don't remember whose.
Moving forward:
Six-week working group last call - till the end of September.
If we have significant remarks - period will stretch.
After that - IETF last call.
We don't need two implementations to move the proposed draft.
We might not have to meet in Salt Lake City.