Noel Chiappa opened the Point-to-Point Protocol Extensions meeting and
then handed it over to Brian Lloyd, the new Working Group Chair.
There was an early observation that no router vendors (other than
Telebit) appeared to be present. This curtailed discussion of
synchronous PPP. Most of the discussion that followed tended to address
the needs/desires of the asynchronous PPP community.
The current list of documents was discussed. Here is the list of
current documents:
RFC 1171 RFC 1172
o LCP draft Simpson
o IPCP draft McGregor
o Appletalk Parken - hold waiting for Appletalk wg
o ISO/CLNP Katz/Simpson - no interest yet?
o DECnet 4 Senum - not much said
o SNAP B? - no interest
o LLC Harvey - no interest
o Bridging Baker - already an RFC
o 32 bit FCS Harvey - general approval - no known implementations
o Authentication Lloyd/Simpson - most discussion here
o MIB Kastenholz - no implementations
Consensus indicated that the lcp and ipcp draft documents (these will
supercede RFC 1171 and 1172 respectively) should proceed to the next
level since there are numerous interoperable implementations. Bill
Simpson will make very minor changes to his document and republish it.
None of the other documents were deemed ready to progress to the next
level because of either a) lack of further interest, or b) no
implementations.
Consensus also indicated a need for a catalog document to keep track of
all the PPP related documents. Brian Lloyd is working on that.
Discussion was heavy on the new Lloyd/Simpson authentication protocol
document that describes the Password Authentication Protocol (PAP) and
the Challenge Handshake Authentication Protocol (CHAP). There was a
discussion of where authentication should go. It was decided that
link-level authentication in the Link Control Protocol (LCP) is
acceptable so long as additional authentication may be used within the
Upper Layer Protocols (ULPs -- NCP or higher).
1
Strong discussion indicated a need for a mechanism to allow a called PPP
system to indicate to its peer that it wishes to close the link and
dial-back for purposes of authentication. This information was referred
back to Simpson and Lloyd to research and add to the authentication
document.
It was decided that the proper digest algorithm for CHAP should be MD5.
As a result it was decided that references to MD2 and MD4 should be
removed from the document.
James Galvin representing the Security Area Advisory Group (SAAG)
Working Group strongly recommended adding a section on distribution of
the ``secret'' used in CHAP.
More information is needed in the authentication document about bit and
octet ordering and character sets used (in the case of legible passwords
and secrets).
More detail is needed about the PAP message reply.
CHAP needs a mechanism (besides dropping the link) to indicate that the
authentication has succeeded or failed. This is because some system
will require the user to enter the secret value in real time so there
may be errors and hence retries.
The size of the secret value was increased from 64 to 128 bits.
The challenge needs to be non-repeating. The document needs to discuss
methods of generating good challenges.
The document should also remove all references to encryption.
The last item of the day was to generate a list of recommended PPP
options to go into the router requirements document. The final list of
suggested options for sync implementations:
o Support for the Link Quality Monitoring (LQM) option.
o Support for the magic number (loopback detection) option.
o No address/control field compression.
o No protocol field compression.
For Async Implementations:
o Do address/control field compression.
o Do protocol field compression.
