IETF Logo Mail Archive

Re: [Dime] Fwd: New Version Notification for draft-korhonen-dime-mip6-feature-bits-01

jouni korhonen <jouni.nospam@gmail.com> Tue, 16 June 2009 10:55 UTC

Return-Path: <jouni.nospam@gmail.com>
X-Original-To: dime@core3.amsl.com
Delivered-To: dime@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 56A743A6ACB for <dime@core3.amsl.com>; Tue, 16 Jun 2009 03:55:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zAO0MWHPl9Ho for <dime@core3.amsl.com>; Tue, 16 Jun 2009 03:55:33 -0700 (PDT)
Received: from mail-fx0-f211.google.com (mail-fx0-f211.google.com [209.85.220.211]) by core3.amsl.com (Postfix) with ESMTP id DAE193A6862 for <dime@ietf.org>; Tue, 16 Jun 2009 03:55:32 -0700 (PDT)
Received: by fxm7 with SMTP id 7so534303fxm.37 for <dime@ietf.org>; Tue, 16 Jun 2009 03:53:49 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:cc:message-id:from:to :in-reply-to:content-type:content-transfer-encoding:mime-version :subject:date:references:x-mailer; bh=0HYSHkRJf9HoAgLMYtFBVVFfCN9SPB3Yij0Rj66Mdps=; b=DbTk3KG9FIRyV5qQTdl84y7QusYUDjQ1VxsRp0LR+XJppAQPRVIw8qgjgr1Jfqfyq9 o71d7uPUOi/DfH/6x7yUId6begX1V4S+Gehf2kt2RBVhm1uOF7Mapz3roLARa4dqgVVG A+arkbu9treb5Xafq8NF3RfWF4jrWGo+zN7uA=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=cc:message-id:from:to:in-reply-to:content-type :content-transfer-encoding:mime-version:subject:date:references :x-mailer; b=w6ov9tmXvEPX9wFvpEzmVfJxHE0U6KdzbJLzPGnH1J+5j/58EHQIfceCQUi+Pt19xw Zqm+Rf/shyhsbo68jEoJAYEjEIY/LOJV7fAr33k+XX3Yrobwu+V4Wqcp1GflDY3ByaJb +EkdNWJQdNRqwY4TXmAIun+GSExQadWtHOYUE=
Received: by 10.103.221.14 with SMTP id y14mr4367163muq.111.1245149629425; Tue, 16 Jun 2009 03:53:49 -0700 (PDT)
Received: from ?192.168.100.17? (MYDCCLI.gprs.sl-laajakaista.fi [85.77.238.152]) by mx.google.com with ESMTPS id e10sm1702541muf.44.2009.06.16.03.53.48 (version=TLSv1/SSLv3 cipher=RC4-MD5); Tue, 16 Jun 2009 03:53:49 -0700 (PDT)
Message-Id: <E929B09E-BBBF-4BFA-8794-563CBD353DD6@gmail.com>
From: jouni korhonen <jouni.nospam@gmail.com>
To: Vijay Devarapalli <dvijay@gmail.com>
In-Reply-To: <f1f4dcdc0906151739l3178805ai1fa1bd880b80ef45@mail.gmail.com>
Content-Type: text/plain; charset="US-ASCII"; format="flowed"; delsp="yes"
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0 (Apple Message framework v935.3)
Date: Tue, 16 Jun 2009 13:53:46 +0300
References: <20090610092653.601A33A6E07@core3.amsl.com> <1CE00542-32BF-4344-884C-CCDC763FA853@gmail.com> <f1f4dcdc0906101451p16fcb6d0lccd7445eef85c7f6@mail.gmail.com> <AA130C11-6BBC-4755-B2C0-0CE3CB12B8A5@gmail.com> <f1f4dcdc0906151739l3178805ai1fa1bd880b80ef45@mail.gmail.com>
X-Mailer: Apple Mail (2.935.3)
Cc: dime@ietf.org
Subject: Re: [Dime] Fwd: New Version Notification for draft-korhonen-dime-mip6-feature-bits-01
X-BeenThere: dime@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Diameter Maintanence and Extentions Working Group <dime.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/dime>, <mailto:dime-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dime>
List-Post: <mailto:dime@ietf.org>
List-Help: <mailto:dime-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dime>, <mailto:dime-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Jun 2009 10:55:34 -0000

Hi Vijay ;)

On Jun 16, 2009, at 3:39 AM, Vijay Devarapalli wrote:

> Hi Jouni,
>
> On Wed, Jun 10, 2009 at 11:28 PM, jouni korhonen<jouni.nospam@gmail.com 
> > wrote:
>> Hi Vijay,
>>
>> On Jun 11, 2009, at 12:51 AM, Vijay Devarapalli wrote:
>>
>>> I have another question.
>>>
>>> Why does encrypting the payload traffic between the MN and the HA  
>>> need
>>> AAA authorization?
>>
>> IMHO payload traffic encryption is a potential place for a policy  
>> decision.
>> An operator may want to control it depending on the deployment and  
>> the
>> subscription in situations where the the same HA could be used for  
>> various
>> types of deployments. As you know e.g. certain SDOs purposely  
>> forbid the use
>> of payload encryption in their environment where as that might not  
>> make
>> sense in other type of deployment.
>
> Let me see if I understand this. Lets say the home operator (MSP) that
> provides the home agent does not want the mobile node to use payload
> encryption. Isn't this better enforced on the home agent itself? The
> home agent can refuse create CHILD SAs for payload protection.

The same HA may serve multiple providers and within a provider  
multiple services. Provisioning this information dynamically into a HA  
is not how I would like to see this managed. As a result of this  
policy decision the HA would refuse to CHILD SA creation for payload  
protection. There could also be a notification of this to the MN in a  
BA, but it is left out of this draft.


>
>
> In another case, lets say the client is roaming and is attached to
> some visited network and is accessing a home agent in the home
> network. I can understand the visited network wanting to prevent
> payload encryption. But how does this work if the home agent is
> talking to the AAA server in the home network? Does the AAA server,
> based on the fact that the client is coming from a specific visited
> network, the payload traffic should not be encrypted?

The challenge in the visited network case here is how the HA/AAA would  
even know that the MN is "roaming". There are ways of doing that  
though like analyzing CoAs (done today rather widely) or based on  
network access authentication (if available). In managed networks  
where "roaming" as a concept fits better, the policy decision would be  
based on roaming contracts and the subscription profile.

>
>
> Can you give me an example where this kind of control would help?


You roam into area where encryption is not seen as a good thing.. The  
AAA could turn this off for you if you forget or cannot change the  
setting yourself.

Jouni



>
>
> Vijay
>
>
>>
>> Jouni
>>
>>>
>>>
>>> Vijay
>>>
>>> On Wed, Jun 10, 2009 at 2:55 AM, jouni korhonen<jouni.nospam@gmail.com 
>>> >
>>> wrote:
>>>>
>>>> Hi all,
>>>>
>>>> I have updated the additional feature bits draft. I did remove  
>>>> some stuff
>>>> so
>>>> that the draft now only reserves MIP6-Feature-Vector flag bits and
>>>> nothing
>>>> more. I'll forward the draft soon to RFC editor so if anyone has
>>>> comments,
>>>> please be quick :)
>>>>
>>>> Cheers,
>>>>       Jouni
>>>>
>>>> Begin forwarded message:
>>>>
>>>>> From: IETF I-D Submission Tool <idsubmission@ietf.org>
>>>>> Date: June 10, 2009 12:26:53 PM GMT+03:00
>>>>> To: jouni.nospam@gmail.com
>>>>> Subject: New Version Notification for
>>>>>  draft-korhonen-dime-mip6-feature-bits-01
>>>>>
>>>>>
>>>>> A new version of I-D, draft-korhonen-dime-mip6-feature- 
>>>>> bits-01.txt has
>>>>> been successfuly submitted by Jouni Korhonen and posted to the  
>>>>> IETF
>>>>> repository.
>>>>>
>>>>> Filename:        draft-korhonen-dime-mip6-feature-bits
>>>>> Revision:        01
>>>>> Title:           Diameter MIP6 Feature Vector Additional Bit  
>>>>> Allocations
>>>>> Creation_date:   2009-06-10
>>>>> WG ID:           Independent Submission
>>>>> Number_of_pages: 5
>>>>>
>>>>> Abstract:
>>>>> During the Mobile IPv6 Split Scenario bootstrapping the Mobile  
>>>>> IPv6
>>>>> Home Agent and the Authentication, Authorization, and Accounting
>>>>> server may exchange a set of authorized mobility capabilities.   
>>>>> This
>>>>> document defines new mobility capability flags that are used to
>>>>> authorize per Mobile Node route optimization, Multiple Care-of
>>>>> Address and user plane traffic encryption support.  Furthermore,  
>>>>> this
>>>>> document also defines a capability flag of indicating whether the
>>>>> Home Agent is authorized to act as a stand alone Virtual Private
>>>>> Network gateway.
>>>>>
>>>>>
>>>>>
>>>>> The IETF Secretariat.
>>>>>
>>>>>
>>>>
>>>> _______________________________________________
>>>> DiME mailing list
>>>> DiME@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/dime
>>>>
>>
>>

v2.23.0 | Report a Bug | By Email