Re: [MEXT] [!! SPAM] Re: Well-known problem with authentication/etc. in wireless networks
<Basavaraj.Patil@nokia.com> Thu, 25 August 2011 20:04 UTC
From: <Basavaraj.Patil@nokia.com>
To: <mccap@petoni.org>, <charliep@computer.org>
Date: Thu, 25 Aug 2011 20:05:38 +0000
Cc: mext@ietf.org
Subject: Re: [MEXT] [!! SPAM] Re: Well-known problem with authentication/etc.
in wireless networks

That's a good summarization Pete. But we do multiple authentications
today. We do access authentication (1) and then we have to authenticate
with the HA yet again in (3). That could be optimized.

-Raj

On 8/25/11 2:54 PM, "ext Pete McCann" <mccap@petoni.org> wrote:

>Hi, Charlie,
>
>The problem seems to be we have the following three steps that have
>to be carried out in order:
>
>1) access authentication
>2) address assignment
>3) mobility management
>
>(3) depends on (2) because you can't bind your home address to a
>care-of address until you have a care-of address. (2) depends on (1)
>because operators don't like to give out resources until they know they
>will get paid.
>
>It's possible to combine all these things into one protocol (perhaps PANA
>could have been that vehicle, if certain decisions had not been made) but
>the IETF seems to like breaking problems down into layered solutions.
>
>-Pete
>
>On Thu, Aug 25, 2011 at 3:19 PM, Charles E. Perkins
><charliep@computer.org> wrote:
>> Hello Pete,
>>
>> Yes, putting Mobile IP inside of EAP would be one approach.
>> It would have some interesting advantages. Other approaches
>> might be more properly done in [netext] -- or perhaps have
>> already been looked at; I could have possibly missed some of
>> the relevant discussion there.
>>
>> Regards,
>> Charlie P.
>>
>> On 8/25/2011 11:40 AM, Pete McCann wrote:
>>>
>>> Hi, Julien,
>>>
>>> Are you talking about EAP inside IKEv2? That presupposes that the MN
>>> is already attached to the network somewhere and has an IP address
>>> (i.e., it has already passed access authentication).
>>>
>>> It may be interesting to look at whether access authentication and
>>> mobility management can be combined. For example, we could put
>>> Mobile IP (or some variant of it) inside an EAP exchange used for
>>> access authentication. Charlie, are you proposing something like this?
>>>
>>> -Pete
>>>
>>> On Thu, Aug 25, 2011 at 1:44 PM, Julien Laganier <julien.ietf@gmail.com>
>>> wrote:
>>>>
>>>> Charlie,
>>>>
>>>> I am not sure I understand what is missing in MIPv6; a MN and an HA
>>>> can already mutually authenticate using EAP, and this is incidentally
>>>> what 3GPP leverages on, together with the EAP-AKA method. What is
>>>> missing?
>>>>
>>>> --julien
>>>>
>>>> On Wed, Aug 24, 2011 at 12:06 PM, Charles E. Perkins
>>>> <charliep@computer.org> wrote:
>>>>>
>>>>> Hello folks,
>>>>>
>>>>> It's now 2011. Mobile IP was standardized late in
>>>>> 1996, after work had already been started nearly
>>>>> ten years before. Over two decades! -- and regardless
>>>>> of lip service to fixed/mobile convergence we still
>>>>> don't have seamless mobility in user devices across
>>>>> heterogeneous media, and standards organizations
>>>>> (notably 3GPP) are not properly taking advantage of
>>>>> what Mobile IP can do. The losers are the end-users,
>>>>> which means all of us.
>>>>>
>>>>> There are many reasons for this, but one of the
>>>>> main reasons has to do with authentication at the
>>>>> access network. EAP in various forms is being
>>>>> utilized for this purpose, and Mobile IP is not,
>>>>> even though there has never been any reported
>>>>> failure of the RFC 5944 or RFC 4285 or RFC 6275
>>>>> (to my knowledge). Moreover, unless there is
>>>>> something wrong with the cryptography that also
>>>>> has not been reported, these authentication methods
>>>>> enable _mutual_ authentication between the network
>>>>> and the client, not just client authentication.
>>>>>
>>>>> In order for Mobile IP to enable the real promise
>>>>> of high performance heterogeneous networking, we
>>>>> have to do some more work. I would like to initiate
>>>>> some more discussion about this. DMM is interesting
>>>>> in its own right, but it's not at all the whole
>>>>> story. Moreover, with proper design, it is likely
>>>>> the supposed burden of signaling to the home agent
>>>>> can be substantially reduced. As one simple example,
>>>>> if handovers are accomplished locally between trusted
>>>>> access agents (routers, 802.11 access controllers, ...)
>>>>> then the actual timing of tunnel redirection from the
>>>>> home agent becomes much less critical. This is also
>>>>> intricately intertwined with authentication.
>>>>>
>>>>> If the Home Agent were recognized as a robust security
>>>>> appliance, then it could naturally sit on the network
>>>>> boundary as an IP-addressable device. Mobile IP
>>>>> authentication could become the primary means of
>>>>> validating user access, instead of an afterthought
>>>>> to enable IP-address preservation after all the heavy
>>>>> lifting has been done at lower levels.
>>>>>
>>>>> I would like to propose that in this working group we
>>>>> should go about making this happen. It seems to be
>>>>> important, and undeniably aligned with our working
>>>>> group responsibilities.
>>>>>
>>>>> Regards,
>>>>> Charlie P.
>>>>>
>>>>> _______________________________________________
>>>>> MEXT mailing list
>>>>> MEXT@ietf.org
>>>>> https://www.ietf.org/mailman/listinfo/mext