[MEXT] Well-known problem with authentication/etc. in wireless networks

"Charles E. Perkins" <charliep@computer.org> Wed, 24 August 2011 19:05 UTC

Message-ID: <4E554BAA.9080409@computer.org>
Date: Wed, 24 Aug 2011 12:06:18 -0700
From: "Charles E. Perkins" <charliep@computer.org>
Organization: Wichorus Inc.
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:6.0) Gecko/20110812 Thunderbird/6.0
MIME-Version: 1.0
To: mext <mext@ietf.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: [MEXT] Well-known problem with authentication/etc. in wireless networks
X-BeenThere: mext@ietf.org
List-Id: Mobile IPv6 EXTensions WG <mext.ietf.org>

Hello folks,

It's now 2011.  Mobile IP was standardized late in
1996, after work had already been started nearly
ten years before.  Over two decades! -- and regardless
of lip service to fixed/mobile convergence we still
don't have seamless mobility in user devices across
heterogeneous media, and standards organizations
(notably 3GPP) are not properly taking advantage of
what Mobile IP can do. The losers are the end-users,
which means all of us.

There are many reasons for this, but one of the
main reasons has to do with authentication at the
access network.  EAP in various forms is being
utilized for this purpose, and Mobile IP is not,
even though there has never been any reported
failure of RFC 5944, RFC 4285, or RFC 6275
(to my knowledge).  Moreover, unless there is
something wrong with the cryptography that also
has not been reported, these authentication methods
enable _mutual_ authentication between the network
and the client, not just client authentication.

In order for Mobile IP to enable the real promise
of high performance heterogeneous networking, we
have to do some more work.  I would like to initiate
some more discussion about this.  DMM is interesting
in its own right, but it's not at all the whole
story.  Moreover, with proper design, it is likely
the supposed burden of signaling to the home agent
can be substantially reduced.  As one simple example,
if handovers are accomplished locally between trusted
access agents (routers, 802.11 access controllers, ...)
then the actual timing of tunnel redirection from the
home agent becomes much less critical.  This is also
intricately intertwined with authentication.

If the Home Agent were recognized as a robust security
appliance, then it could naturally sit on the network
boundary as an IP-addressable device.  Mobile IP
authentication could become the primary means of
validating user access, instead of an afterthought
to enable IP-address preservation after all the heavy
lifting has been done at lower levels.

I would like to propose that in this working group we
should go about making this happen.  It seems to be
important, and undeniably aligned with our working
group responsibilities.

Regards,
Charlie P.
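The message above cites RFC 4285 as one of the Mobile IP authentication mechanisms that has had no reported failure and that gives mutual authentication between network and client. As an added illustration (not code from the message, nor from any IETF or vendor implementation), the block below computes and verifies the RFC 4285 MN-HA mobility message authentication option: Mobility Data = care-of address | home address | MH Data, Authenticator = First(96, HMAC_SHA1(MN-HA shared key, Mobility Data)). The same option type is carried in both the Binding Update (mobile node to home agent) and the Binding Acknowledgement (home agent to mobile node), which is where the mutual direction comes from. The shared key, the addresses and the byte strings standing in for the Mobility Header are constructed sample values, and the Mobility Header framing is simplified to an opaque byte string.

```python
"""RFC 4285 MN-HA authentication option, simplified (added example, assumptions noted inline)."""
import hashlib
import hmac
import ipaddress

AUTH_LEN = 12  # 96 bits: HMAC-SHA1-96 truncation specified by RFC 4285

# Constructed sample values; a real deployment provisions the MN-HA key out of band.
SAMPLE_KEY = b"constructed-mn-ha-shared-secret"
SAMPLE_HOA = "2001:db8:1::10"   # home address (documentation prefix)
SAMPLE_COA = "2001:db8:2::20"   # care-of address on the visited link
SAMPLE_BU = b"BU:seq=7:lifetime=600"     # stands in for the Binding Update MH data
SAMPLE_BACK = b"BAck:seq=7:status=0"     # stands in for the Binding Acknowledgement MH data


def mobility_data(coa: str, hoa: str, mh_data: bytes) -> bytes:
    """Mobility Data = care-of address | home address | MH Data (RFC 4285, Section 5)."""
    return (ipaddress.IPv6Address(coa).packed
            + ipaddress.IPv6Address(hoa).packed
            + mh_data)


def mn_ha_authenticator(key: bytes, coa: str, hoa: str, mh_data: bytes) -> bytes:
    """First 96 bits of HMAC-SHA1 over the Mobility Data, keyed with the MN-HA shared key."""
    mac = hmac.new(key, mobility_data(coa, hoa, mh_data), hashlib.sha1).digest()
    return mac[:AUTH_LEN]


def verify(key: bytes, coa: str, hoa: str, mh_data: bytes, received: bytes) -> bool:
    """Recompute the authenticator and compare in constant time."""
    expected = mn_ha_authenticator(key, coa, hoa, mh_data)
    return hmac.compare_digest(expected, received)


def mutual_exchange(key: bytes, coa: str, hoa: str, bu_data: bytes, back_data: bytes) -> bool:
    """One BU/BAck round trip: HA verifies the MN's option, MN verifies the HA's option."""
    # Mobile node -> home agent: Binding Update with the MN-HA option.
    bu_auth = mn_ha_authenticator(key, coa, hoa, bu_data)
    ha_accepts = verify(key, coa, hoa, bu_data, bu_auth)
    # Home agent -> mobile node: Binding Acknowledgement with the MN-HA option.
    back_auth = mn_ha_authenticator(key, coa, hoa, back_data)
    mn_accepts = verify(key, coa, hoa, back_data, back_auth)
    return ha_accepts and mn_accepts


def tampered_coa_rejected(key: bytes, coa: str, hoa: str, bu_data: bytes) -> bool:
    """The authenticator binds the care-of address, so a BU re-addressed to another CoA fails."""
    bu_auth = mn_ha_authenticator(key, coa, hoa, bu_data)
    other_coa = "2001:db8:3::30"  # constructed: a different visited-link address
    return not verify(key, other_coa, hoa, bu_data, bu_auth)


if __name__ == "__main__":
    print("mutual BU/BAck authentication:", mutual_exchange(SAMPLE_KEY, SAMPLE_COA, SAMPLE_HOA, SAMPLE_BU, SAMPLE_BACK))
    print("re-addressed BU rejected:", tampered_coa_rejected(SAMPLE_KEY, SAMPLE_COA, SAMPLE_HOA, SAMPLE_BU))
```

Because the care-of address is inside the authenticated data, a home agent checking this option cannot be steered to redirect a tunnel to an address the keyed mobile node never claimed; the same shared key in the acknowledgement direction is what lets the mobile node confirm it is talking to its real home agent.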