Re: [MEXT] Well-known problem with authentication/etc. in wireless networks

Julien Laganier <julien.ietf@gmail.com> Thu, 25 August 2011 17:43 UTC

Charlie,

I am not sure I understand what is missing in MIPv6; a MN and an HA
can already mutually authenticate using EAP, and this is incidentally
what 3GPP leverages on, together with the EAP-AKA method. What is
missing?

--julien

On Wed, Aug 24, 2011 at 12:06 PM, Charles E. Perkins
<charliep@computer.org> wrote:
>
> Hello folks,
>
> It's now 2011.  Mobile IP was standardized late in
> 1996, after work had already been started nearly
> ten years before.  Over two decades! -- and regardless
> of lip service to fixed/mobile convergence we still
> don't have seamless mobility in user devices across
> heterogeneous media, and standards organizations
> (notably 3GPP) are not properly taking advantage of
> what Mobile IP can do. The losers are the end-users,
> which means all of us.
>
> There are many reasons for this, but one of the
> main reasons has to do with authentication at the
> access network.  EAP in various forms is being
> utilized for this purpose, and Mobile IP is not,
> even though there has never been any reported
> failure of the RFC 5944 or RFC 4285 or RFC 6275
> (to my knowledge).  Moreover, unless there is
> something wrong with the cryptography that also
> has not been reported, these authentication methods
> enable _mutual_ authentication between the network
> and the client, not just client authentication.
>
> In order for Mobile IP to enable the real promise
> of high performance heterogeneous networking, we
> have to do some more work.  I would like to initiate
> some more discussion about this.  DMM is interesting
> in its own right, but it's not at all the whole
> story.  Moreover, with proper design, it is likely
> the supposed burden of signaling to the home agent
> can be substantially reduced.  As one simple example,
> if handovers are accomplished locally between trusted
> access agents (routers, 802.11 access controllers, ...)
> then the actual timing of tunnel redirection from the
> home agent becomes much less critical.  This is also
> intricately intertwined with authentication.
>
> If the Home Agent were recognized as a robust security
> appliance, then it could naturally sit on the network
> boundary as an IP-addressable device.  Mobile IP
> authentication could become the primary means of
> validating user access, instead of an afterthought
> to enable IP-address preservation after all the heavy
> lifting has been done at lower levels.
>
> I would like to propose that in this working group we
> should go about making this happen.  It seems to be
> important, and undeniably aligned with our working
> group responsibilities.
>
> Regards,
> Charlie P.
>