Hi all,

I have four comments about the draft. I put them at the bottom of
this mail. Please see them.

Best,
Yasuyuki Tanaka

---------------------------------------------------------------------

(1) Page 4, Paragraph 1
It would be helpful to add text about the source port number and the
destination port number of the PCI as below.

[edited]
  Step 1: The PaC initiates PANA by sending a broadcasted PCI carrying
  a Token AVP that contains a random value generated by the PaC.

! The source IPv4 address of the PCI is set to 0.0.0.0. The source
! port number is chosen by the PaC. The destination IPv4 address is
! set to 255.255.255.255. The destination port number is the PANA port
! number (716).

[original]
  Step 1: The PaC initiates PANA by sending a broadcasted PCI carrying
  a Token AVP that contains a random value generated by the PaC.

  The source IPv4 address of the PCI is set to 0.0.0.0.  The
  destination IPv4 address is set to 255.255.255.255.

---------------------------------------------------------------------

(2) Figure 1, Page 4

If the PAA want to initiate re-authentication, PAA have to know PaC's
IPv4 address which is configured by DHCP.

It would be better that Figure 1 has messages related to "PaC Updating
Its IP Address" described in Section 5.6, RFC 5191.

[Section 5.6. in RFC 5191]
  After the PaC has changed its IP address used for PANA, it MUST send
  any valid PANA message.  If the message that carries the new PaC IP
  address in the Source Address field of the IP header is valid, the
  PAA MUST update the PANA session with the new PaC address.  If there
  is an established PANA SA, the message MUST be protected with an
  AUTH AVP.
---------------------------------------------------------------------

(3) Page 6, Paragraph 3

I have no idea which PAR should have 'I' bit. Every PAR sent by
PAA should have 'I' bit? Or, only a PAR with 'C' bit should have
'I' bit? (I think the latter is preferable.)

I've referred to RFC 5191, but I've not found the answer.

[original]
  The PAA SHALL set the 'I' (IP Reconfiguration) bit of PAR messages
  in authentication and authorization phase so that the PaC proceeds
  to IP address configuration.

---------------------------------------------------------------------

(4) Page 6, Paragraph 7
I don't think that the description about the size of the largest PANA
is correct. This is because the initial PAR could have multiple
Integrity-Algorithm AVPs and PRF-Algorithm AVPs. This specification is
described in Section 4.1, RFC 5191.

[Section 4.1. in RFC 5191]
   the PAA sends the initial PANA-Auth-Request carrying one or more
   PRF-Algorithm AVPs and one or more Integrity-Algorithm AVPs for the
   PRF and integrity algorithms supported by it, respectively.

In my understanding, it is sufficient to consider a PANA Message which
has only one EAP-Payload AVP for "Message Size Considerations". In
other words, the minimum PANA MTU size is equivalent to the size of a
PANA message which has only one EAP-Payload AVP.

---------------------------------------------------------------------


_______________________________________________
Pana mailing list
Pana@ietf.org
https://www.ietf.org/mailman/listinfo/pana

Reply via email to