
PANA vs. RADIUS/Diameter (RE: The Emperor Has No Clothes: Is PANA actually useful?)

2006-05-26 18:41:58

Ever since PANA was first proposed, I did not understand why the IETF
accepted it as a work item, because it seemed to me that it was
duplicating existing capabilities (e.g., RADIUS, Diameter, etc.) and
thereby needlessly increasing complexity system-wide.

Sigh.... This is why some people think it creates complexity?

PANA has nothing to do with duplicating RADIUS and Diameter. The relation
between PANA and RADIUS/Diameter is clearly documented across multiple
documents of this WG. For example, the framework document said:

      The PAA consults an authentication server in order to verify the
      credentials and rights of a PaC.  If the authentication server
      resides on the same node as the PAA, an API is sufficient for this
      interaction.  When they are separated (a much more common case in
      public access networks), a protocol needs to run between the two.
      AAA protocols like RADIUS [RFC2865] and Diameter [RFC3588] are
      commonly used for this purpose.

We even illustrated this in the same document:


                                                 RADIUS/
                                                 Diameter/
           +-----+       PANA        +-----+     LDAP/ API    +-----+
           | PaC |<----------------->| PAA |<---------------->| AS  |
           +-----+                   +-----+                  +-----+
              ^                         ^
              |                         |
              |         +-----+         |
         IKE/ +-------->| EP  |<--------+ SNMP/ API
      4-way handshake   +-----+



And we even put this in an FAQ! http://www.panasec.org/docs/PANA-FAQ.txt for
those that don't want to read the documents.

What else should we do? Record a reading of the documents and mail it to
everyone?

These are impossible to miss when someone reads the documents.

As in this, and several other examples in the latest threads, the answers
are there -- when people are looking for answers.

Alper

By this discussion, I surmise that you have greater insights than I.
Hence this question to you:

"What 'bad thing' would happen should PANA not go forward?"

I suspect that this question has been answered many times. But could you
please answer it using simple concepts for the benefit of those of us
who aren't thinking deeply on a sleepy Friday evening? I am particularly
interested in whether you believe end users require PANA and, if so,
why? Thanks!

_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf


