IETF Logo Mail Archive

[IPsec] Review of draft-gundavelli-ipsecme-3gpp-ims-options-02

Ivo Sedlacek <ivo.sedlacek@ericsson.com> Tue, 09 September 2014 11:09 UTC

Return-Path: <ivo.sedlacek@ericsson.com>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EBFE01A6FC9 for <ipsec@ietfa.amsl.com>; Tue, 9 Sep 2014 04:09:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.601
X-Spam-Level:
X-Spam-Status: No, score=-2.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id acxpIolDyD3U for <ipsec@ietfa.amsl.com>; Tue, 9 Sep 2014 04:09:11 -0700 (PDT)
Received: from sessmg22.ericsson.net (sessmg22.ericsson.net [193.180.251.58]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 61A611A6FC3 for <ipsec@ietf.org>; Tue, 9 Sep 2014 04:09:10 -0700 (PDT)
X-AuditID: c1b4fb3a-f79da6d0000008c7-10-540edfd44b39
Received: from ESESSHC016.ericsson.se (Unknown_Domain [153.88.253.124]) by sessmg22.ericsson.net (Symantec Mail Security) with SMTP id 3E.BD.02247.4DFDE045; Tue, 9 Sep 2014 13:09:08 +0200 (CEST)
Received: from ESESSMB301.ericsson.se ([169.254.1.77]) by ESESSHC016.ericsson.se ([153.88.183.66]) with mapi id 14.03.0174.001; Tue, 9 Sep 2014 13:09:07 +0200
From: Ivo Sedlacek <ivo.sedlacek@ericsson.com>
To: "ipsec@ietf.org" <ipsec@ietf.org>
Thread-Topic: Review of draft-gundavelli-ipsecme-3gpp-ims-options-02
Thread-Index: Ac/MFsZIKMQYWriGR/e+ppRj0kUPVQ==
Date: Tue, 09 Sep 2014 11:09:07 +0000
Message-ID: <39B5E4D390E9BD4890E2B310790061011272E731@ESESSMB301.ericsson.se>
Accept-Language: en-US, cs-CZ
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [153.88.183.147]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFnrHLMWRmVeSWpSXmKPExsUyM+Jvje6V+3whBm8fyVgsmreAyWL/lhds FvvXNTBZdB2czmZx8M82NgdWj1n3z7J5TPm9kdVj56y77B5LlvxkCmCJ4rJJSc3JLEst0rdL 4MqYv/Qfc8F2g4rHpy6zNTDuVeti5OCQEDCRWDPBtYuRE8gUk7hwbz1bFyMXh5DAUUaJGz0r mCCcRYwSEzfvYQapYhPQk5i45QgriC0ioCpxatl0VpAiZoFNjBINvWfBEsIC9hITds5lgyhy kZjceQXK1pNYvXAD2CAWARWJKZ+mMYHYvAK+EvP/3GQHsRkFZCWu/ullBLGZBcQlbj2ZzwRx noDEkj3nmSFsUYmXj/+xQnygJDFtaxpEuY7Egt2f2CBsbYllC18zQ4wXlDg58wnLBEaRWUim zkLSMgtJyywkLQsYWVYxihanFhfnphsZ6aUWZSYXF+fn6eWllmxiBEbQwS2/rXYwHnzueIhR gINRiYdXIZ4vRIg1say4MvcQozQHi5I478Jz84KFBNITS1KzU1MLUovii0pzUosPMTJxcEo1 ME5yer72umOtOpvBzZZtcV6TJ8y3mFqWuOigv0XA/qxdh3Qf9gipNlyV3GH7NXvt7XnOTF8y 6/5eXRXAZHLp2oQ2jaX9plFVkcFP+L+eV+Oy41w5zfxLcq/Z/CTXM+/2nb96hW1p0CzPvx17 +1f6e2e5m/3k2qrFcuyBhZuLYVzD9Jv3w9U8PiixFGckGmoxFxUnAgCVhb0vgQIAAA==
Archived-At: http://mailarchive.ietf.org/arch/msg/ipsec/mnFouMWps33ObOVyhNXJ8AV3B4w
Cc: "noblea@cisco.com" <noblea@cisco.com>, Jouni Korhonen <jouni.nospam@gmail.com>, "baboescu@broadcom.com" <baboescu@broadcom.com>, "sgundave@cisco.com" <sgundave@cisco.com>
Subject: [IPsec] Review of draft-gundavelli-ipsecme-3gpp-ims-options-02
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Sep 2014 11:09:14 -0000

Hello,

I reviewed http://tools.ietf.org/id/draft-gundavelli-ipsecme-3gpp-ims-options-02.txt and found the following issues:

ISSUE 1: the draft states:
------
These attributes can be
   used for carrying the IPv4 and IPv6 address of the Proxy-Call Control
   and Service function (P-CSCF).
------
In 3GPP, P-CSCF abbreviation stands for "Proxy-Call Session Control Function".

PROPOSAL 1: state:
------
These attributes can be
   used for carrying the IPv4 address and IPv6 address of the Proxy-Call Session Control function (P-CSCF).
------

ISSUE 2: the draft states:
------
When an IPSec gateway delivers these
   attributes to an IPsec client, it can obtain the IPv4 and/or IPv6
   address of the P-CSCF server located in the home network.
------
The P-CSCF does not necessarily need to be located in the home network. In roaming situations, the P-CSCF can also be in visited network.  
Example: User has a contract with an European operator. The user with its user equipment (UE) is in Japan and uses network of a Japanese operator. In such use case, the ePDG entity, the PGW entity and P-CSCF can all be in visited network (i.e. Japanese operator network).

PROPOSAL 2: state:
------
When an IPSec gateway delivers these
   attributes to an IPsec client, the IPsec client can obtain the IPv4 and/or IPv6
   address of the P-CSCF server located in the 3GPP network.
------

ISSUE 3: the draft states:
------
   The Third Generation Partnership Project (3GPP) S2b reference point
   [TS23402], specified by the 3GPP system architecture defines a
   mechanism for allowing a mobile node (MN) attached in an untrusted
   non-3GPP IP Access Network to securely connect to the 3GPP home
   network and access IP services.
------
When roaming, the UE can access IP services in the 3GPP home network or 3GPP visited network. ePDG can be in visited or home network - see  http://www.3gpp.org/ftp/Specs/archive/23_series/23.402/23402-c50.zip section 4.5.4. If so, P-GW and P-CSCF can also be in the visited network.

PROPOSAL 3: state:
------
   The Third Generation Partnership Project (3GPP) S2b reference point
   [TS23402], specified by the 3GPP system architecture defines a
   mechanism for allowing a mobile node (MN) attached in an untrusted
   non-3GPP IP Access Network to securely connect to a 3GPP 
   network and access IP services.
------

ISSUE 4: the draft states:
------
   A mobile node in this scenario may potentially need to access the IP
   Multimedia Subsystem (IMS) services in the home network.
------
P-CSCF can also be in visited network.

PROPOSAL 4: state:
------
   A mobile node in this scenario may potentially need to access the IP
   Multimedia Subsystem (IMS) services in the 3GPP network.
------

ISSUE 5: the draft states:
------
   Proxy-Call Session Control Function (P-CSCF)

      The P-CSCF is the entry point to the 3GPP IMS (IP Multimedia
      Subsystem) domain and serves as the outbound proxy server for the
      mobile node.  The mobile node attaches to the P-CSCF prior to
      performing IMS registrations and initiating SIP sessions.
------
Problems:
1) 3GPP IMS is not a domain.
2) The mobile node does NOT attach to P-CSCF prior to performing the IMS registration. Instead, the registration with IMS is the request for "attachment" to IMS.

PROPOSAL 5: state:
------
   Proxy-Call Session Control Function (P-CSCF)

      The P-CSCF is the entry point to the 3GPP IMS (IP Multimedia
      Subsystem)  and serves as the SIP outbound proxy for the
      mobile node.  The mobile node performs SIP registration to 3GPP IMS and initiates SIP sessions via a P-CSCF.
------

ISSUE 6: the draft states:
------
Multiple P-CSCF
   servers MAY be requested by including a single instance of an empty
   P-CSCF_IP4_ADDRESS attribute with zero-length IPv4 Address field.
   The responder MAY respond with zero or more P-CSCF_IP4_ADDRESS
   attributes, and there is no implied order in the response.
------
IMO, the 1st sentence above is misleading as it suggests that the mobile node has a choise to request one P-CSCF IPv4 address or to request multiple P-CSCF IPv4 addresses. However, in my reading of the rest of the draft, the mobile node has just one choise - request P-CSCF IPv4 addresses and receive zero, one or several P-CSCF IPv4 addresses.

PROPOSAL 6: state:
------
If an instance of an empty
   P-CSCF_IP4_ADDRESS attribute with zero-length IPv4 Address field is included by mobile node, the responder MAY respond with zero, one or more P-CSCF_IP4_ADDRESS
   attributes. If several P-CSCF_IP4_ADDRESS attributes are provided in one IKEv2 message, there is no implied order among the P-CSCF_IP4_ADDRESS attributes.
------

ISSUE 7: the draft states:
------
Multiple P-CSCF
   servers MAY be requested by including a single instance of an empty
   P-CSCF_IP6_ADDRESS attribute with zero-length IPv6 Address field.
   The responder MAY respond with zero or more P-CSCF_IP6_ADDRESS
   attributes, and there is no implied order in the response.
------
IMO, the 1st sentence above is misleading as it suggests that the mobile node has a choise to request one P-CSCF IPv6 address or to request multiple P-CSCF IPv6 addresses. However, in my reading of the rest of the draft, the mobile node has just one choise - request P-CSCF IPv6 addresses and receive zero, one or several P-CSCF IPv6 addresses.

PROPOSAL 7: state:
------
If an instance of an empty
   P-CSCF_IP6_ADDRESS attribute with zero-length IPv6 Address field is included by mobile node, the responder MAY respond with zero, one or more P-CSCF_IP6_ADDRESS
   attributes. If several P-CSCF_IP6_ADDRESS attributes are provided in one IKEv2 message, there is no implied order among the P-CSCF_IP6_ADDRESS attributes.
------

Kind regards

Ivo Sedlacek
Ericsson
Mobile +420 608 234 709
ivo.sedlacek@ericsson.com
www.ericsson.com

This Communication is Confidential. We only send and receive email on the basis of the terms set out at www.ericsson.com/email_disclaimer

v2.23.0 | Report a Bug | By Email