Re: [MEXT] Review of I-D draft-korhonen-mext-mip6-altsec-06

jouni korhonen <jouni.nospam@gmail.com> Thu, 20 January 2011 09:28 UTC

From: jouni korhonen <jouni.nospam@gmail.com>
Date: Thu, 20 Jan 2011 11:31:08 +0200
To: "Jan Zorz"@go6.si
Cc: mext@ietf.org

Hi Jan,


Thanks for the review! We will reflect these along with the comments received from Ryuji and Domagoj. Some more detailed comments inline.

On Jan 20, 2011, at 10:34 AM, Jan Zorz @ go6.si wrote:

> Hi,
> 
> It took me quite long to write this review, but finally, here it is :)
> 
> Review comments:
> 
> In general the proposal of using an alternative to IPsec and IKEv2
> seems quite okay. The main purpose of Mobile IPv6 is to enable
> mobility at the IP layer and hence using TLS which is much more widely
> implemented and deployed for use to secure the signaling is good.
> 
> More specific comments:
> 
> - The proposal introduces a new element called HAC. In terms of
>  deployments such a network element may become central for
>  bootstrapping Mobile IPv6. The I-D states that the HAC could be
>  co-located with the HA. In reality, the HAC should be a standalone
>  entity which interacts with AAA and policy engines in a network.

That is purely an implementation issue. We will add some more text around this topic.

> 
> - TLS is widely used for security in the Internet today. Hence the use
>  of TLS does not weaken mobile IPv6 security. TLS is also used only
>  for bootstrapping and not for securing the signaling or traffic.

Right. However, bootstrapping agrees on the ciphers that are available for TLS, and at the implementation level we then use those ciphers available in the TLS library. So in a way we still utilize the TLS code base for signaling and traffic ciphering.

> 
> - Describe the steps in figure 1.

Ok.

> 
> - The security association scope says that it describes whether the SA
>  is only for signaling or for data as well. Would be useful to make
>  it more explicit.

Ok.

> 
> - Route optimization is an important feature of Mobile IPv6. Hence
>  this alternate security solution should explain how the route
>  optimization signaling messages are secured.

Currently the I-D scopes route optimization out. That is stated at the very end of the document, though. We have been thinking of adding route optimization support, though.


> 
> - Unclear why HTTP headers (Sec 8.2) are being reserved. Could not
>  really understand the purpose.

Just a leftover from earlier revisions.


> 
> - Message details are fairly complete and hence should be
>  implementable.
> 
> In summary, the draft is well written and complete and should be
> considered for standardization.
> 
> I'm using DSMIP6-TLS implementations on an N900 phone and an Ubuntu Linux laptop in everyday life, and it seems to work quite well. There are still some implementation issues that need to be fixed, but the overall feeling is very satisfactory.
> 

Thanks.

- Jouni


> Regards, Jan Zorz
> go6.si