ietf
[Top] [All Lists]

Re: WG Review: Recharter of Diameter Maintenance and Extensions (dime)

2012-01-12 06:08:57

Stephen,

This topic raises its head every now and then when a Dime 
document arrives at IESG ;) Apart from that there has been
very little serious public discussion about it recently,
for some unknown reason to me. A detail worth pointing out
is that the support for the End-to-End security framework
(E2E-Sequence AVP and 'P'-bit in the AVP header) has been
deprecated in RFC3588bis (now in IESG). So we are "free"
to start from scratch. 

If there is enough serious energy and vision for pursuing
end-to-end security, I do not see current proposed charter
text prohibiting it:

"- Maintaining and/or progressing, along the standards track, the
   Diameter Base protocol and Diameter Applications. This includes
   extensions to Diameter Base protocol that can be considered as
   enhanced features or bug fixes."

I would argue the end-to-end security is an enhanced feature for
Diameter base protocol that fixes a serious bug/flaw in security.
On the other hand, if an explicit note is needed about this topic
in the charter, I might hesitate to include such in this round.
I would first like to see some concrete movement & work around
this topic.

- Jouni



On Jan 11, 2012, at 7:31 PM, Stephen Farrell wrote:


Hi,

During the IESG internal review of this I asked whether
or not there was interest in trying to tackle end to
end security for AVPs. I do know there is at least some
interest in that but its not clear there's enough to
warrant including it in the re-charter so I said I'd
ask when the recharter went out for review...

So - anyone interested in DIME solving that problem?
(And willing and able to help do the work of course.)

As of now, Diameter really only has hop-by-hop security
which is ok in many cases but far from ideal (wearing
my security hat) in some.

Thanks,
Stephen.

On 01/11/2012 04:37 PM, IESG Secretary wrote:
A modified charter has been submitted for the Diameter Maintenance and
Extensions (dime) working group in the Operations and Management Area of
the IETF.  The IESG has not made any determination as yet.  The modified
charter is provided below for informational purposes only.  Please send
your comments to the IESG mailing list (iesg(_at_)ietf(_dot_)org) by 
Wednesday,
January 18, 2012.

Diameter Maintenance and Extensions (dime)
-----------------------------------------
Current Status: Active

Last Modified: 2012-01-10

Chairs:
    Lionel Morand<lionel(_dot_)morand(_at_)orange-ftgroup(_dot_)com>
    Jouni Korhonen<jouni(_dot_)korhonen(_at_)nsn(_dot_)com>

Operations and Management Area Directors:
    Dan Romascanu<dromasca(_at_)avaya(_dot_)com>
    Ronald Bonica<rbonica(_at_)juniper(_dot_)net>

Operations and Management Area Advisor:
    Dan Romascanu<dromasca(_at_)avaya(_dot_)com>

Mailing Lists:
    General Discussion: dime(_at_)ietf(_dot_)org
    To Subscribe:       https://www.ietf.org/mailman/listinfo/dime
    Archive:
http://www.ietf.org/mail-archive/web/dime/current/maillist.html

Description of Working Group:

The Diameter Maintenance and Extensions WG will focus on maintenance and
extensions to the Diameter protocol required to enable its use for
authentication, authorization, accounting, charging in network access,
provisioning of configuration information within the network, and for
new AAA session management uses within the extensibility rules of the
Diameter base protocol.

The DIME working group plans to address the following items:

- Maintaining and/or progressing, along the standards track, the
Diameter Base protocol and Diameter Applications. This includes
extensions to Diameter Base protocol that can be considered as enhanced
features or bug fixes.

- Diameter application design guideline. This document will provide
guidelines for design of Diameter extensions. It will detail when to
consider reusing an existing application and when to develop a new
application.

- Protocol extensions for the management of Diameter entities. This work
focuses on the standardization of Management Information Bases (MIBs) to
configure Diameter entities (such as the Diameter Base protocol or
Diameter Credit Control nodes). The usage of other management protocols
for configuring Diameter entities may be future work within the group.

- Protocol extensions for bulk and grouped AAA session management. The
aim of this work is to study and standardize a solution for handling
groups of AAA sessions within the Diameter base protocol context. The
solution would define how to identify and handle grouped AAA sessions in
commands and operations.

Additionally, Diameter-based systems require interoperability in order
to work. The working group, along with the AD, will need to evaluate any
potential extensions and require verification that the proposed
extension is needed, and is within the extensibility rules of Diameter
and AAA scope. Coordination with other IETF working groups and other
SDOs (e.g. 3GPP) will be used to ensure this.

Goals and Milestones:

Done     - Submit the following two Diameter Mobility documents to the
           IESG for consideration as a Proposed Standards:* 'Diameter
           Mobile IPv6: Support for Home Agent to Diameter Server
           Interaction' * 'Diameter Mobile IPv6: Support for Network
           Access Server to Diameter Server Interaction'
Done     - Submit 'Diameter API' to the IESG for consideration as an
           Informational RFC
Done     - Submit 'Quality of Service Parameters for Usage with
           Diameter' to the IESG for consideration as a Proposed
           Standard.
Done     - Submit 'Diameter QoS Application' to the IESG for
           consideration as a Proposed Standard
Done     - Submit 'Diameter Support for EAP Re-authentication
           Protocol' as DIME working group item
Done     - Submit 'Diameter User-Name and Realm Based Request Routing
           Clarifications' as DIME working group item
Done     - Submit 'Diameter Proxy Mobile IPv6' as DIME working group
           item
Done     - Submit 'Quality of Service Attributes for Diameter' to the
           IESG for consideration as a Proposed Standard
Done     - Submit 'Diameter Proxy Mobile IPv6' to the IESG for
           consideration as a Proposed Standard
Done     - Submit 'Diameter User-Name and Realm Based Request Routing
           Clarifications' to the IESG for consideration as a Proposed
           Standard
Done     - Submit 'Diameter NAT Control Application' as DIME working
           group item
Done     - Submit 'Diameter Capabilities Update' as DIME working group
           item
Done     - Submit 'Diameter Credit Control Application MIB' to the
           IESG for consideration as an Informational RFC
Done     - Submit 'Diameter Base Protocol MIB' to the IESG for
           consideration as an Informational RFC
Done     - Submit 'Diameter Capabilities Update' to the IESG for
           consideration as a Proposed Standard
Done     - Submit 'Diameter Extended NAPTR' as DIME working group item
Done     - Submit 'Realm-Based Redirection In Diameter' as DIME
           working group item
Done     - Submit 'Diameter Support for Proxy Mobile IPv6 Localized
           Routing' as DIME working group item
Done     - Submit 'Diameter Attribute-Value Pairs for Cryptographic
           Key Transport' as DIME working group item
Done     - Submit 'Diameter Priority Attribute Value Pairs' as DIME
           working group item
Done     - Submit 'Diameter IKEv2 PSK' as DIME working group item
Done     - Submit Revision of 'Diameter Base Protocol' to the IESG for
           consideration as a Proposed Standard
Done     - Submit 'Diameter Attribute-Value Pairs for Cryptographic
           Key Transport' to the IESG for consideration as a Proposed
           Standard
Done     - Submit 'Diameter Priority Attribute Value Pairs' to the
           IESG for consideration as a Proposed Standard
Done     - Submit Revision of 'Diameter Network Access Server
           Application - RFC 4005bis' as DIME working group item
Done     - Submit 'Diameter NAT Control Application' to the IESG for
           consideration as a Proposed Standard
Done     - Submit 'Diameter IKEv2 PSK' to the IESG for consideration
           as a Proposed Standard
Done     - Submit 'Diameter Extended NAPTR' to the IESG for
           consideration as a Proposed Standard
Done     - Submit 'Diameter Support for Proxy Mobile IPv6 Localized
           Routing' to the IESG for consideration as a Proposed
Mar 2012 - Submit 'Realm-Based Redirection In Diameter' to the IESG
           for consideration as a Proposed Standard
Mar 2012 - Submit Revision of 'Diameter Network Access Server
           Application - RFC 4005bis' to the IESG for consideration as a
           Proposed Standard
May 2012 - Submit 'Diameter Application Design Guidelines' to the IESG
           for consideration as a BCP document Standard
Jul 2012 - Submit 'Diameter Support for EAP Re-authentication
           Protocol' to the IESG for consideration as a Proposed
           Standard
Aug 2012 - Submit a document on 'Protocol extension for bulk and group
           signaling' as a working group item
Aug 2013 - Submit a document on 'Protocol extension for bulk and group
           signaling' to the IESG for consideration as a Proposed
           Standard
_______________________________________________
IETF-Announce mailing list
IETF-Announce(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-announce

_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf

_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf