IETF Logo Mail Archive

Re: [MEXT] FW: New Version Notification for draft-bajko-mext-sod-02.txt

Sri Gundavelli <sgundave@cisco.com> Sun, 17 July 2011 19:44 UTC

Return-Path: <sgundave@cisco.com>
X-Original-To: mext@ietfa.amsl.com
Delivered-To: mext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A08F921F8658 for <mext@ietfa.amsl.com>; Sun, 17 Jul 2011 12:44:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.95
X-Spam-Level:
X-Spam-Status: No, score=-3.95 tagged_above=-999 required=5 tests=[AWL=-1.351, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xXkekpI5ymbQ for <mext@ietfa.amsl.com>; Sun, 17 Jul 2011 12:44:00 -0700 (PDT)
Received: from rcdn-iport-4.cisco.com (rcdn-iport-4.cisco.com [173.37.86.75]) by ietfa.amsl.com (Postfix) with ESMTP id 970FC21F863A for <mext@ietf.org>; Sun, 17 Jul 2011 12:44:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=sgundave@cisco.com; l=3988; q=dns/txt; s=iport; t=1310931840; x=1312141440; h=date:subject:from:to:message-id:in-reply-to:mime-version: content-transfer-encoding; bh=oN75TYDJv6xWKXuO0sLYrk9dpE6pPxEn/b+D81zlsOM=; b=FRibDjHDfYPb6XNPHBFcS1zeUxuBi80fpF8+JGaUheemtq+9YpSJdY4o xX0tPFYdVKdBzE++4g3fG1YidP951oytvTmbOb2PXd0kNT90++546xM3m WDJqfAiCeC43nIdOvsBL9kz8pjQaQvjpUWYnvieMpEM41s9fRtxoror4/ c=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: Av0EALE6I06rRDoJ/2dsb2JhbABRp3J3iHykLp0RhjwEh1SLEoUKi2s
X-IronPort-AV: E=Sophos;i="4.67,218,1309737600"; d="scan'208";a="3758075"
Received: from mtv-core-4.cisco.com ([171.68.58.9]) by rcdn-iport-4.cisco.com with ESMTP; 17 Jul 2011 19:43:59 +0000
Received: from xbh-sjc-211.amer.cisco.com (xbh-sjc-211.cisco.com [171.70.151.144]) by mtv-core-4.cisco.com (8.14.3/8.14.3) with ESMTP id p6HJhx2A013205; Sun, 17 Jul 2011 19:43:59 GMT
Received: from xmb-sjc-214.amer.cisco.com ([171.70.151.145]) by xbh-sjc-211.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.4675); Sun, 17 Jul 2011 12:43:59 -0700
Received: from 10.32.246.213 ([10.32.246.213]) by xmb-sjc-214.amer.cisco.com ([171.70.151.145]) with Microsoft Exchange Server HTTP-DAV ; Sun, 17 Jul 2011 19:43:59 +0000
User-Agent: Microsoft-Entourage/12.30.0.110427
Date: Sun, 17 Jul 2011 12:43:56 -0700
From: Sri Gundavelli <sgundave@cisco.com>
To: <Basavaraj.Patil@nokia.com>, <mext@ietf.org>
Message-ID: <CA48898C.212E3%sgundave@cisco.com>
Thread-Topic: [MEXT] FW: New Version Notification for draft-bajko-mext-sod-02.txt
Thread-Index: AQHMQB+/vTiCYkVQrE2OABRQFeV53pTqVUQAgAaeN0k=
In-Reply-To: <CA437A9B.1BB43%basavaraj.patil@nokia.com>
Mime-version: 1.0
Content-type: text/plain; charset="US-ASCII"
Content-transfer-encoding: 7bit
X-OriginalArrivalTime: 17 Jul 2011 19:43:59.0419 (UTC) FILETIME=[DF6098B0:01CC44B9]
Subject: Re: [MEXT] FW: New Version Notification for draft-bajko-mext-sod-02.txt
X-BeenThere: mext@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Mobile IPv6 EXTensions WG <mext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mext>, <mailto:mext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/mext>
List-Post: <mailto:mext@ietf.org>
List-Help: <mailto:mext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mext>, <mailto:mext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 17 Jul 2011 19:44:01 -0000

Raj:

I've reviwed this draft. Clarifying questions.



1. New Mobility option

> data contains a location in XML format as defined in RFC5139

I'm bit surprised on the need to carry Civic Location info. I thought it is
intended for human interpretation. Ex: Building 24, 2nd Floor, in front of
Starbucks, when this location info in this format is carried in MIP binding
option, how can the home agent make use of it realistically ? I'm not sure,
beyond the "S" flag the draft proposes, if this new mobility option is
needed ? The draft is also not clear on the aspect of negotiation. It
appears to be more a request in the form of "S" flag in the draft.


2. Use of IKEv2/RFC 4877

If the MN is in a location where it decides to enable security protection
for the data traffic, it can certainly establish an IPsec SA for the tunnel
mode ESP. Wondering, if this needs to be achieved over a MIP control plane
and the advantages with that approach ? Even if this needs to be determined
after the MIP session set up, still there needs to be IKEv2 protocol
exchange for creating the SA ? Nothing stops either the HA or the MN to
create an SA for the tunnel mode ESP.


3. General question

The HA is providing IP mobility service for the mobile node's home address.
>From the mobile node, or a correspondent node perspective, the home agent is
just a pass through device. Securing the MN-HA link can certainly protects
all the traffic for some part of the path segment, but it is not sufficient.
If the argument is that, this is also a consideration for mobility service,
as Julien/Raj or some one commented when it was presented, but I could not
agree either way in my head, if this is really a service that the home agent
needs to offer, or if it should be between the traffic flow end points.

4. Granularity/Traffic Selectors for Protection

The mobile node may decide not to secure all traffic, as there is some
pandora/youtube or other garbage traffic, which does not require protection.
The approach here seems to be enable or disable data plane security. Why not
try this with the DSMIP traffic flow selectors, as part of access selection
for a flow, adding a bit to turn or off security might be an option ? You
get the granularity for traffic protection as well.


Regards
Sri








On 7/13/11 2:40 PM, "Basavaraj.Patil@nokia.com" <Basavaraj.Patil@nokia.com>
wrote:

> 
> We have posted a new version of the I-D. This does not incorporate the
> review comments from Julien L., Kent Leung, Stefano Faccin and Jouni
> Korhonen. We hope to do that in Rev 3 of the I-D in the next few weeks.
> 
> -Raj
> 
> On 7/11/11 6:10 PM, "ext internet-drafts@ietf.org"
> <internet-drafts@ietf.org> wrote:
> 
>> A new version of I-D, draft-bajko-mext-sod-02.txt has been successfully
>> submitted by Basavaraj Patil and posted to the IETF repository.
>> 
>> Filename:     draft-bajko-mext-sod
>> Revision:     02
>> Title:         Security on Demand for Mobile IPv6 and Dual-stack Mobile
>> IPv6
>> Creation date:     2011-07-12
>> WG ID:         Individual Submission
>> Number of pages: 9
>> 
>> Abstract:
>>   Mobile IPv6 and Dual-stack Mobile IPv6 protocols require the
>>   signaling messages between the mobile node and home agent to be
>>   secured.  However security for the user plane/traffic is optional and
>>   is a choice left to the mobile node.  This document proposes
>>   extensions to Mobile IPv6 signaling which enables the user plane
>>   traffic to be secured on a need or on-demand basis.  The mobile node
>>   or the home agent can request at any time security for the user plane
>>   traffic.  Security for user plane traffic can be triggered as a
>>   result of policy or, mobility or, at the user&#39;s choice.
>> 
>>                 
> 
> _______________________________________________
> MEXT mailing list
> MEXT@ietf.org
> https://www.ietf.org/mailman/listinfo/mext

v2.8.7 | Report a Bug | By Email