Re: [MEXT] Review of I-D draft-korhonen-mext-mip6-altsec-06

<Basavaraj.Patil@nokia.com> Thu, 20 January 2011 21:54 UTC

Thanks for the review.

Support for route-optimization with the proposed security solution in this
I-D is possible.
We will describe this in more detail in the next rev while also
addressing some of your other comments.

-Raj

On 1/20/11 2:34 AM, "ext Jan Zorz @ go6.si" <jan@go6.si> wrote:

>Hi,
>
>It took me quite long to write this review, but finally, here it is :)
>
>Review comments:
>
>In general the proposal of using an alternative to IPsec and IKEv2
>seems quite okay. The main purpose of Mobile IPv6 is to enable
>mobility at the IP layer and hence using TLS which is much more widely
>implemented and deployed for use to secure the signaling is good.
>
>More specific comments:
>
>- The proposal introduces a new element called HAC. In terms of
>   deployments such a network element may become central for
>   bootstrapping Mobile IPv6. The I-D states that the HAC could be
>   co-located with the HA. In reality, the HAC should be a standalone
>   entity which interacts with AAA and policy engines in a network.
>
>- TLS is widely used for security in the Internet today. Hence the use
>   of TLS does not weaken Mobile IPv6 security. TLS is also used only
>   for bootstrapping and not for securing the signaling or traffic.
>
>- Describe the steps in figure 1.
>
>- The security association scope says that it describes whether the SA
>   is only for signaling or for data as well. Would be useful to make
>   it more explicit.
>
>- Route optimization is an important feature of Mobile IPv6. Hence
>   this alternate security solution should explain how the route
>   optimization signaling messages are secured.
>
>- Unclear why HTTP headers (Sec 8.2) are being reserved. Could not
>   really understand the purpose.
>
>- Message details are fairly complete and hence should be
>   implementable.
>
>In summary, the draft is well written and complete and should be
>considered for standardization.
>
>I'm using DSMIP6-TLS implementations on N900 phone and Ubuntu Linux
>laptop in everyday life and it seems to work quite well. There are still
>some implementation issues that need to be fixed, but overall feeling
>is very satisfactory.
>
>Regards, Jan Zorz
>go6.si