Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 DHCP Authentication Discussion INTAREA meeting, 70th IETF Vancouver, Canada Jari Arkko and Ralph Droms.

Published byAnne O’Neal’ Modified over 8 years ago

Similar presentations

Presentation on theme: "1 DHCP Authentication Discussion INTAREA meeting, 70th IETF Vancouver, Canada Jari Arkko and Ralph Droms."— Presentation transcript:

1 1 DHCP Authentication Discussion INTAREA meeting, 70th IETF Vancouver, Canada Jari Arkko and Ralph Droms

2 2 Outline Introduction and background DSL community needs & proposal (Ric) Summary of discussion and analysis Discussion

3 3 Introduction and Background Moving away from PPPoE in DSL But still keeping some of the business models and infrastructure DSL Forum liaison to IETF (Jul & Oct) A number of different potential approaches (802.1X, PANA, DHCP,...) Considering DHC recharter Other SDOs and extensions

4 4 The Desired Outcome of Discussion Present the proposal on the table Discuss the architectural and protocol implications Sense of the room on the direction: –Yes/No for doing DHCP work on this –Maybe also guidance on alternatives (if no) and details (if yes) Decisions on list

5 5 Content Issues to think about Requirements from an IETF perspective Way Forward

6 6 Issues to Think About (1/2) Moving away from PPPoE is good Freedom to carry your CPE device to a location of your choosing is good IETF specification of extensions in this space is good, as opposed to vendor specific solutions Multi-SDO coordination can be fun

7 7 Issues to Think About (2/2) Potential solutions –Layer 2 solutions (IEEE liaison) –IP layer network access control solutions (PANA) –Subscriber authentication in DHCP with either CHAP or EAP DHCP drafts are in very early stages –Need significant work –Not here to discuss details – focus on architectural impact of doing something in a particular way Solutions cannot be evaluated merely by their e2e behaviour –The architecture at the home site matters (CPE vs. hosts) –Ability of the network in between to deal with the required signalling (1X, PANA, DHCP) –Future developments matter (IPv6, other updates, etc.)

8 8 Challenges in DHCP Solutions (1/2) Securing the DHCP transaction vs. using DHCP for access control –Preventing configuration does not prevent access if manual configuration is possible –Access to link vs. beyond the link A DHCP-based solution does not work with hosts that employ stateless IPv6 Server vs. relay responding to messages

9 9 Challenges in DHCP Solutions (2/2) Retransmission responsibility on the client vs. server side CHAP vs. EAP A number of other issues from the list: –MTU issues, OFFER vs. ACK, key binding, session ids,...

10 10 Acceptable Solution Requirements MUST solve the detailed technical issues MUST NOT place requirements on hosts: –Requiring hosts to support DHCP AUTH –Requiring all IPv6 hosts to support DHCPv6 MUST handle both IPv4 and IPv6 MUST be able to deal with backwards compatibility issues & fit the state machine MUST accurately describe the limitations and applicability of the solution MUST conform to existing DHCP RFCs

11 11 Way Forward Discussion now Sense of the room on the direction: –Yes/No for doing DHCP work on this –Maybe also guidance on alternatives (if no) and details (if yes) Consensus call on the list If a DHCP-based approach is chosen, revise draft and recharter DHC WG to include this effort If not, we will ask DSL Forum to think about other solutions (such as 802.1X)

12 12 Background Material Slides

13 13 Current status and analysis DSLF liaison statements have been discussed on int-area mailing list: www1.ietf.org/mail-archive/web/int-area/current/ –Initial question: msg00957.html –Followup: msg01171.html –Followup: msg01215.html Discussion has not demonstrated rough consensus either to accept or to reject the DSLF liaison statement request to develop extensions to DHCP Some detailed reviews of the specific proposal –Arkko: msg01245.html –Aboba: msg01257.html

14 14 Liaison Statement 2 "At this time, we would like to make the IETF aware that during our most recent DSL Forum quarterly meeting, the Architecture and Transport Working Group agreed to seriously consider adopting a mechanism such as that proposed in draft-pruss- dhcp-auth-dsl-01.txt or draft-zhao-dhc-user- authentication-02. We understand that the authors of these specifications intend to produce a combined document soon. The DSL Forum formally requests that the IETF adopt this as a work item, and would appreciate being advised of progress as soon as possible.” Combined draft: draft-pruss-dhcp-auth-dsl-02.txt

15 15 Questions We Asked When the Liaison Was Received How do we feel about this [request]? Is this a good idea, considering the DSL architecture? How will it affect DHCP the protocol? How would you go about making DHCP extensions so that they work best for all possible environments and not just DSL? Is anyone already working on the combined draft promised above? Are there any other choices that we should recommend instead? I would like to hold the discussion on this [request] in [the int-area] list until we've determined that the DHCP protocol is the right tool for the job.

16 16 Other Draft-iab-ip-config by Aboba and Thaler Slides from Dave Thaler's DHC WG presentation in IETF-68 There is an IPR declaration on draft- pruss

Download ppt "1 DHCP Authentication Discussion INTAREA meeting, 70th IETF Vancouver, Canada Jari Arkko and Ralph Droms."

Similar presentations

Oct, 26 th, 2010 OGF 29, FVGA-WG: Firewall Virtualization for Grid Applications Firewall Virtualization for Grid Applications - Status update

Oct, 26 th, 2010 OGF 29, FVGA-WG: Firewall Virtualization for Grid Applications Firewall Virtualization for Grid Applications - Status update
Diameter Bulk Signaling draft-liebsch-dime-diameter-bulksig-00.txt M. Liebsch, G. Punz IETF81, Quebec Diameter Maintenance and Extensions (DIME) WG 28.

Diameter Bulk Signaling draft-liebsch-dime-diameter-bulksig-00.txt M. Liebsch, G. Punz IETF81, Quebec Diameter Maintenance and Extensions (DIME) WG 28.
Dynamic Allocation of Shared IPv4 Addresses draft-csf-dhc-dynamic-shared-v4allocation-00 Q. Sun, Y. Cui, I. Farrer, Y. Lee, Q. Sun, M. Boucadair IETF 89,

Dynamic Allocation of Shared IPv4 Addresses draft-csf-dhc-dynamic-shared-v4allocation-00 Q. Sun, Y. Cui, I. Farrer, Y. Lee, Q. Sun, M. Boucadair IETF 89,
Note Well Any submission to the IETF intended by the Contributor for publication as all or part of an IETF Internet-Draft or RFC and any statement made.

Note Well Any submission to the IETF intended by the Contributor for publication as all or part of an IETF Internet-Draft or RFC and any statement made.
IP over ETH over IEEE802.16 draft-riegel-16ng-ip-over-eth-over-80216-01 Max Riegel

IP over ETH over IEEE draft-riegel-16ng-ip-over-eth-over Max Riegel
COS 420 DAY 22. Agenda Assignment 4 Corrected 2 B’s Assignment 5 posted Chap 22-26 Due May 4 Final exam will be take home and handed out May 4 and Due.

COS 420 DAY 22. Agenda Assignment 4 Corrected 2 B’s Assignment 5 posted Chap Due May 4 Final exam will be take home and handed out May 4 and Due.
DHCP: Dual-Stack Issues draft-ietf-dhc-dual-stack-01 Tim Chown dhc WG, IETF 60, San Diego, August 2, 2004.

DHCP: Dual-Stack Issues draft-ietf-dhc-dual-stack-01 Tim Chown dhc WG, IETF 60, San Diego, August 2, 2004.
DNS zone suffix option for DHCPv6 (draft-yan-dhc-dhcpv6-opt-dnszone-01.txt) IETF 61 (Washington, DC) Yinglan Jiang Renxiang Yan

DNS zone suffix option for DHCPv6 (draft-yan-dhc-dhcpv6-opt-dnszone-01.txt) IETF 61 (Washington, DC) Yinglan Jiang Renxiang Yan
1 EAP Usage Issues Feb 05 Jari Arkko. 2 Typical EAP Usage PPP authentication Wireless LAN authentication –802.1x and 802.11i IKEv2 EAP authentication.

1 EAP Usage Issues Feb 05 Jari Arkko. 2 Typical EAP Usage PPP authentication Wireless LAN authentication –802.1x and i IKEv2 EAP authentication.
1 AutoconfBOF2.PPT / Aug-01-2005 / Singh,Perkins,Clausen IETF Not Confidential Ad hoc network autoconfiguration: definition and problem statement (draft-singh-autoconf-adp-00.txt)

1 AutoconfBOF2.PPT / Aug / Singh,Perkins,Clausen IETF Not Confidential Ad hoc network autoconfiguration: definition and problem statement (draft-singh-autoconf-adp-00.txt)
Using DHCPv6 for DNS Configuration in Hosts draft-ietf-droms-dnsconfig-dhcpv6-00.txt Ralph Droms.

Using DHCPv6 for DNS Configuration in Hosts draft-ietf-droms-dnsconfig-dhcpv6-00.txt Ralph Droms.
Submission November 2003 Dorothy Stanley (Agere Systems) IETF Liaison Report November 2003 Dorothy Stanley – Agere Systems IEEE 802.11 Liaison To/From.

Submission November 2003 Dorothy Stanley (Agere Systems) IETF Liaison Report November 2003 Dorothy Stanley – Agere Systems IEEE Liaison To/From.
DIME WG IETF 82 Dime WG Agenda & Status THURSDAY, November 17, 2011 Jouni Korhonen & Lionel Morand.

DIME WG IETF 82 Dime WG Agenda & Status THURSDAY, November 17, 2011 Jouni Korhonen & Lionel Morand.
Prefix Delegation Protocol Selection T.J. Kniveton MEXT Working Group IETF 70 - December ’07 - Vancouver.

Prefix Delegation Protocol Selection T.J. Kniveton MEXT Working Group IETF 70 - December ’07 - Vancouver.
IEEE 802.21 MEDIA INDEPENDENT HANDOVER DCN: 21-11-0053-00-0000 Title: IETF Liaison Report Date Submitted: March 17, 2011 Presented at IEEE 802.21 session.

IEEE MEDIA INDEPENDENT HANDOVER DCN: Title: IETF Liaison Report Date Submitted: March 17, 2011 Presented at IEEE session.
Authentication Mechanism for Port Control Protocol (PCP) draft-wasserman-pcp-authentication-01.txt Margaret Wasserman Sam Hartman Painless Security Dacheng.

Authentication Mechanism for Port Control Protocol (PCP) draft-wasserman-pcp-authentication-01.txt Margaret Wasserman Sam Hartman Painless Security Dacheng.
IETF-71, Philadelphia PANA in DSL networks draft-morand-pana-panaoverdsl-01.txt Lionel Morand France Telecom Alper Yegin Samsung Yoshihiro Ohba Toshiba.

IETF-71, Philadelphia PANA in DSL networks draft-morand-pana-panaoverdsl-01.txt Lionel Morand France Telecom Alper Yegin Samsung Yoshihiro Ohba Toshiba.
DHC WG IETF 55, 11/18/2002. 11/18/2002IETF 552 Agenda Administrivia, agenda bashingRalph Droms Use of IPsec for Securing DHCPv4 Messages Exchanged Between.

DHC WG IETF 55, 11/18/ /18/2002IETF 552 Agenda Administrivia, agenda bashingRalph Droms Use of IPsec for Securing DHCPv4 Messages Exchanged Between.
ARMD – Next Steps Next Steps. Why a WG There is a problem People want to work to solve the problem Scope of problem is defined Work items are defined.

ARMD – Next Steps Next Steps. Why a WG There is a problem People want to work to solve the problem Scope of problem is defined Work items are defined.
EAP Extensions for EAP Re- authentication Protocol (ERP) draft-wu-hokey-rfc5296bis-01 Yang Shi Qin Wu Zhen Cao

EAP Extensions for EAP Re- authentication Protocol (ERP) draft-wu-hokey-rfc5296bis-01 Yang Shi Qin Wu Zhen Cao

Similar presentations

Ads by Google