IETF Logo Mail Archive

Re: [MEXT] New Version Notification fordraft-perkins-mext-hatunaddr-01.txt

Romain KUNTZ <rkuntz@us.toyota-itc.com> Tue, 01 November 2011 18:19 UTC

Return-Path: <rkuntz@us.toyota-itc.com>
X-Original-To: mext@ietfa.amsl.com
Delivered-To: mext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3F2C311E80E6 for <mext@ietfa.amsl.com>; Tue, 1 Nov 2011 11:19:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Level:
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6G39vDbmGFJ5 for <mext@ietfa.amsl.com>; Tue, 1 Nov 2011 11:19:58 -0700 (PDT)
Received: from na3sys009aog103.obsmtp.com (na3sys009aog103.obsmtp.com [74.125.149.71]) by ietfa.amsl.com (Postfix) with SMTP id F1AD511E80C9 for <mext@ietf.org>; Tue, 1 Nov 2011 11:19:57 -0700 (PDT)
Received: from mail-gx0-f172.google.com ([209.85.161.172]) (using TLSv1) by na3sys009aob103.postini.com ([74.125.148.12]) with SMTP; Tue, 01 Nov 2011 11:19:58 PDT
Received: by mail-gx0-f172.google.com with SMTP id v1so8700812ggn.31 for <mext@ietf.org>; Tue, 01 Nov 2011 11:19:20 -0700 (PDT)
Received: by 10.150.143.18 with SMTP id q18mr1738833ybd.81.1320171560352; Tue, 01 Nov 2011 11:19:20 -0700 (PDT)
Received: from dmohan.paloalto.toyota-itc.com ([206.132.173.18]) by mx.google.com with ESMTPS id p5sm63944111anl.18.2011.11.01.11.19.16 (version=TLSv1/SSLv3 cipher=OTHER); Tue, 01 Nov 2011 11:19:17 -0700 (PDT)
Mime-Version: 1.0 (Apple Message framework v1251.1)
Content-Type: text/plain; charset=iso-8859-1
From: Romain KUNTZ <rkuntz@us.toyota-itc.com>
In-Reply-To: <4EAF1E39.3020209@earthlink.net>
Date: Tue, 1 Nov 2011 11:19:11 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <7793C4DA-B675-4730-8079-AE4FE08A3501@us.toyota-itc.com>
References: <20110803185832.21283.61262.idtracker@ietfa.amsl.com><4E399F6E.8090508@computer.org><75B8624B-6C94-4B7F-9487-DCF0E06B5256@us.toyota-itc.com> <4EAB1A93.8050605@computer.org> <4EAF1E39.3020209@earthlink.net>
To: Charles E. Perkins <charles.perkins@earthlink.net>
X-Mailer: Apple Mail (2.1251.1)
Cc: charliep@computer.org, mext <mext@ietf.org>
Subject: Re: [MEXT] New Version Notification fordraft-perkins-mext-hatunaddr-01.txt
X-BeenThere: mext@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Mobile IPv6 EXTensions WG <mext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mext>, <mailto:mext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/mext>
List-Post: <mailto:mext@ietf.org>
List-Help: <mailto:mext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mext>, <mailto:mext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Nov 2011 18:19:59 -0000

Hello Charlie,

That's right, I believe the signaling still goes to the primary HA and thus can be secured as usual, and as mandated by the MIPv6 spec. 
Beside, the mobile node can choose to send the IPsec'd traffic through its primary HA if needed.

Thank you,
Romain

On Oct 31, 2011, at 15:16, Charles E. Perkins wrote:

> Hello again Romain,
> 
> I didn't have time to do the specification for any
> new extension for the suggested options revised from
> RFC 3957.  I'll try to do it later this week, but the
> result can't be officially submitted until I get to
> the IETF.
> 
> Anyway, traffic to/from the mobile node <--> home agent
> doesn't always have to be protected, especially looking
> at the relative proportion of data traffic today that
> is sent via IPsec.  It seems to me that the problem is
> important, and must be solved, but not a showstopper.
> 
> Regards,
> Charlie P.
> 
> 
> 
> On 10/28/2011 2:11 PM, Charles E. Perkins wrote:
>> Hello Romain,
>> 
>> Thank you for reminding me about this point. It had been
>> raised previously during some related discussions for DMM
>> late last year, and I plainly forgot to fill in any details
>> about the problem.
>> 
>> After looking over RFC 3957, I think the most efficient way
>> towards solution will be to define a new extension similar
>> to the Generalized MN-HA Key Generation Nonce Request and
>> Generalized MN-HA Key Generation Nonce Reply extensions.
>> It's not a perfect fit, but it's pretty close. If there is
>> any interest for an IPv4-based solution, I could easily
>> write up a new subtype for the RFC 3957 (IPv4) extensions.
>> 
>> The formula for calculating the key in Section 5 needs to be
>> updated, perhaps to the following:
>> key = HMAC-SHA1 (HA-key,
>> {Key Generation Nonce ||
>> mobile node identifier ||
>> HA-D IPv6_address})
>> 
>> A similar formula would apply for any specification
>> in which the key nonce was generated by AAA instead of
>> the [control-plane] Home Agent [HA-C].
>> 
>> The manner in which the HA-D get the corresponding
>> configuration information doesn't have to be specified
>> in the ...mext-hatunaddr... draft.
>> 
>> I'll try to get an updated draft out before the draft
>> deadline on Monday. Thanks for your comment. While
>> mostly straightforward, the update will take a pretty
>> good bit of carefully written text.
>> 
>> Regards,
>> Charlie P.
>> 
>> 
>> On 8/4/2011 11:39 AM, Romain KUNTZ wrote:
>>> Hello Charlie,
>>> 
>>> If the MN has to tunnel data to a different HA than the one to which
>>> it sends the BU, then it also needs an IPsec SA with that HA. How
>>> would the MN create such SA as it does not know in advance what HA it
>>> may use for tunneling? My guess is that the MN is supposed to trust
>>> the address received in the option and create the SA upon reception of
>>> the option. Similarly, all of the HA tunneling box would also need to
>>> be configured with the corresponding SA. Some considerations about
>>> that may be needed in the draft.
>>> 
>>> Regards,
>>> romain
>>> 
>>> 
>>> On Aug 3, 2011, at 12:20, Charles E. Perkins wrote:
>>> 
>>>> 
>>>> Hello folks,
>>>> 
>>>> My draft has now made it through the submission process.
>>>> Please excuse the repeat notification...
>>>> 
>>>> Comments will be appreciated.
>>>> 
>>>> Regards,
>>>> Charlie P.
>>>> 
>>>> 
>>>> -------- Original Message --------
>>>> Subject: New Version Notification for
>>>> draft-perkins-mext-hatunaddr-01.txt
>>>> Date: Wed, 03 Aug 2011 11:58:32 -0700
>>>> From:<internet-drafts@ietf.org>
>>>> To:<charliep@computer.org>
>>>> CC:<charliep@computer.org>
>>>> 
>>>> A new version of I-D, draft-perkins-mext-hatunaddr-01.txt has been
>>>> successfully submitted by Charles Perkins and posted to the IETF
>>>> repository.
>>>> 
>>>> Filename: draft-perkins-mext-hatunaddr
>>>> Revision: 01
>>>> Title: Alternate Tunnel Source Address for Home Agent
>>>> Creation date: 2011-08-03
>>>> WG ID: Individual Submission
>>>> Number of pages: 10
>>>> 
>>>> Abstract:
>>>> Widely deployed mobility management systems for wireless
>>>> communications have isolated the path for forwarding data from the
>>>> control plane signaling for mobility management. To realize this
>>>> requirement with Mobile IP requires that the control functions of the
>>>> home agent be addressable at a different IP address than the source
>>>> IP address of the tunnel between the home agent and mobile node.
>>>> Similar considerations hold for mobility anchors implementing
>>>> Hierarchical Mobile IP or PMIP.
>>>> 
>>>> 
>>>> 
>>>> 
>>>> The IETF Secretariat
>>>> 
>>>> _______________________________________________
>>>> MEXT mailing list
>>>> MEXT@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/mext
>>> 
>>> 
>> 
>> _______________________________________________
>> MEXT mailing list
>> MEXT@ietf.org
>> https://www.ietf.org/mailman/listinfo/mext
>> 
>

v2.8.7 | Report a Bug | By Email