Re: [MEXT] [!! SPAM] Re: Well-known problem with authentication/etc. in wireless networks

Alper Yegin <alper.yegin@yegin.org> Thu, 25 August 2011 19:49 UTC

From: Alper Yegin <alper.yegin@yegin.org>
In-Reply-To: <4E56A052.1000604@computer.org>
Date: Thu, 25 Aug 2011 22:50:02 +0300
Message-Id: <2DE7A02D-05DA-4C99-AE17-1EB809A4E20C@yegin.org>
References: <4E554BAA.9080409@computer.org><CAE_dhjtz5ue1noQwzb5gcCFa1gq_4EY-hxMhQRL07JAQNZq3bg@mail.gmail.com> <CACvMsLEgYZ+z05x9O978OuRG+fn=EqspPxjiBfV5VB2UvS0wWg@mail.gmail.com> <4E56A052.1000604@computer.org>
To: charliep@computer.org
Cc: Pete McCann <mccap@petoni.org>, mext <mext@ietf.org>
Subject: Re: [MEXT] [!! SPAM] Re: Well-known problem with authentication/etc. in wireless networks
List-Id: Mobile IPv6 EXTensions WG <mext.ietf.org>

Charlie,

Lots of possibilities exist. EAP over Mobile IP, Mobile IP over EAP, etc. We can also blend in other protocols as well.

But I'm not clear on the problem statement. What are we trying to achieve? Can we narrow that down?

Thanks.

Alper


On Aug 25, 2011, at 10:19 PM, Charles E. Perkins wrote:

> Hello Pete,
> 
> Yes, putting Mobile IP inside of EAP would be one approach.
> It would have some interesting advantages.  Other approaches
> might be more properly done in [netext] -- or perhaps have
> already been looked at; I could have possibly missed some of
> the relevant discussion there.
> 
> Regards,
> Charlie P.
> 
> 
> 
> On 8/25/2011 11:40 AM, Pete McCann wrote:
>> Hi, Julien,
>> 
>> Are you talking about EAP inside IKEv2?  That presupposes that the MN
>> is already attached to the network somewhere and has an IP address (i.e.,
>> it has already passed access authentication).
>> 
>> It may be interesting to look at whether access authentication and mobility
>> management can be combined.  For example, we could put Mobile IP (or
>> some variant of it) inside an EAP exchange used for access authentication.
>> Charlie, are you proposing something like this?
>> 
>> -Pete
>> 
>>> On Thu, Aug 25, 2011 at 1:44 PM, Julien Laganier <julien.ietf@gmail.com> wrote:
>>> Charlie,
>>> 
>>> I am not sure I understand what is missing in MIPv6; a MN and an HA
>>> can already mutually authenticate using EAP, and this is incidentally
>>> what 3GPP leverages on, together with the EAP-AKA method. What is
>>> missing?
>>> 
>>> --julien
>>> 
>>> On Wed, Aug 24, 2011 at 12:06 PM, Charles E. Perkins
>>> <charliep@computer.org> wrote:
>>>> 
>>>> Hello folks,
>>>> 
>>>> It's now 2011.  Mobile IP was standardized late in
>>>> 1996, after work had already been started nearly
>>>> ten years before.  Over two decades! -- and regardless
>>>> of lip service to fixed/mobile convergence we still
>>>> don't have seamless mobility in user devices across
>>>> heterogeneous media, and standards organizations
>>>> (notably 3GPP) are not properly taking advantage of
>>>> what Mobile IP can do. The losers are the end-users,
>>>> which means all of us.
>>>> 
>>>> There are many reasons for this, but one of the
>>>> main reasons has to do with authentication at the
>>>> access network.  EAP in various forms is being
>>>> utilized for this purpose, and Mobile IP is not,
>>>> even though there has never been any reported
>>>> failure of RFC 5944, RFC 4285 or RFC 6275
>>>> (to my knowledge).  Moreover, unless there is
>>>> something wrong with the cryptography that also
>>>> has not been reported, these authentication methods
>>>> enable _mutual_ authentication between the network
>>>> and the client, not just client authentication.
>>>> 
>>>> In order for Mobile IP to enable the real promise
>>>> of high performance heterogeneous networking, we
>>>> have to do some more work.  I would like to initiate
>>>> some more discussion about this.  DMM is interesting
>>>> in its own right, but it's not at all the whole
>>>> story.  Moreover, with proper design, it is likely
>>>> the supposed burden of signaling to the home agent
>>>> can be substantially reduced.  As one simple example,
>>>> if handovers are accomplished locally between trusted
>>>> access agents (routers, 802.11 access controllers, ...)
>>>> then the actual timing of tunnel redirection from the
>>>> home agent becomes much less critical.  This is also
>>>> intricately intertwined with authentication.
>>>> 
>>>> If the Home Agent were recognized as a robust security
>>>> appliance, then it could naturally sit on the network
>>>> boundary as an IP-addressable device.  Mobile IP
>>>> authentication could become the primary means of
>>>> validating user access, instead of an afterthought
>>>> to enable IP-address preservation after all the heavy
>>>> lifting has been done at lower levels.
>>>> 
>>>> I would like to propose that in this working group we
>>>> should go about making this happen.  It seems to be
>>>> important, and undeniably aligned with our working
>>>> group responsibilities.
>>>> 
>>>> Regards,
>>>> Charlie P.
>>>> 
>>>> 
>>>> _______________________________________________
>>>> MEXT mailing list
>>>> MEXT@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/mext
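Charlie's point above that the RFC 4285 authentication methods give mutual authentication between network and client rests on the MN-HA Mobility Message Authentication option: a shared MN-HA key, an HMAC-SHA1-96 authenticator over the care-of address, the home address and the Mobility Header, and a Replay Protection option carrying an NTP-format timestamp. The Python below is an added example written for this archive page; it is not code from the thread or from any IETF or 3GPP implementation. It builds a Binding Update and a Binding Acknowledgement carrying those two options, verifies each at the other end, and exercises the rejections a Home Agent must handle (bad authenticator, unknown key, stale timestamp), reporting them under the RFC 4285 status names. The key, SPI, addresses, timestamps and the 7-second replay window are constructed assumptions; the Mobility Header checksum is left at zero because RFC 4285 zeroes it for the authenticator computation anyway.

```python
import hashlib
import hmac
import ipaddress
import struct

MH_TYPE_BU, MH_TYPE_BA, IPPROTO_NONE = 5, 6, 59         # RFC 6275 Mobility Header
OPT_PAD1, OPT_PADN, OPT_AUTH, OPT_REPLAY = 0, 1, 9, 10  # mobility option types
SUBTYPE_MN_HA = 1                    # RFC 4285 MN-HA authentication subtype
AUTH_LEN = 12                        # First(96, HMAC-SHA1) = 12 bytes
AUTH_OPT_LEN = 2 + 1 + 4 + AUTH_LEN  # type, length, subtype, SPI, authenticator
MSG_DATA_LEN = 6                     # fixed BU/BA message data before the options
NTP_OFFSET = 2208988800              # seconds from 1900-01-01 to 1970-01-01 (NTP epoch)


def _ntp_timestamp(unix_time: float) -> bytes:
    """Replay Protection option timestamp: 64-bit NTP format (seconds, fraction)."""
    secs = int(unix_time) + NTP_OFFSET
    frac = int((unix_time - int(unix_time)) * (1 << 32))
    return struct.pack("!II", secs & 0xFFFFFFFF, frac & 0xFFFFFFFF)


def _mobility_data(coa: str, hoa: str, mh_without_auth: bytes) -> bytes:
    """RFC 4285 s5.1: Mobility Data = CoA | HoA | MH Data, where MH Data is the
    Mobility Header with Checksum zeroed and the Authentication Data excluded."""
    zeroed = mh_without_auth[:4] + b"\x00\x00" + mh_without_auth[6:]
    return ipaddress.IPv6Address(coa).packed + ipaddress.IPv6Address(hoa).packed + zeroed


def build_mh(mh_type: int, msg_data: bytes, spi: int, key: bytes,
             coa: str, hoa: str, timestamp: float) -> bytes:
    """Mobility Header carrying a Replay Protection option and, last as RFC 4285
    requires, the MN-HA Authentication option with its HMAC-SHA1-96 authenticator."""
    replay_opt = struct.pack("!BB", OPT_REPLAY, 8) + _ntp_timestamp(timestamp)
    auth_hdr = struct.pack("!BBBI", OPT_AUTH, AUTH_OPT_LEN - 2, SUBTYPE_MN_HA, spi)
    unpadded = 6 + len(msg_data) + len(replay_opt) + AUTH_OPT_LEN
    pad = (-unpadded) % 8                      # header length must be a multiple of 8
    padding = (b"" if pad == 0 else bytes([OPT_PAD1]) if pad == 1
               else bytes([OPT_PADN, pad - 2]) + bytes(pad - 2))
    hdr_len = (unpadded + pad) // 8 - 1        # 8-octet units, first 8 octets excluded
    fixed = struct.pack("!BBBBH", IPPROTO_NONE, hdr_len, mh_type, 0, 0)  # checksum 0
    mh_without_auth = fixed + msg_data + replay_opt + padding + auth_hdr
    mac = hmac.new(key, _mobility_data(coa, hoa, mh_without_auth), hashlib.sha1)
    return mh_without_auth + mac.digest()[:AUTH_LEN]


def verify_mh(mh: bytes, keys_by_spi: dict, coa: str, hoa: str,
              now: float, window: float = 7.0) -> tuple:
    """Receiver-side check returning (ok, status) with RFC 4285's status names.
    The replay window is local policy; 7 s is an assumption of this example."""
    if len(mh) < 6 + MSG_DATA_LEN + AUTH_OPT_LEN:
        return False, "MIPV6-AUTH-FAIL"
    otype, olen, subtype, spi = struct.unpack("!BBBI", mh[-AUTH_OPT_LEN:-AUTH_LEN])
    key = keys_by_spi.get(spi)
    if (otype, olen, subtype) != (OPT_AUTH, AUTH_OPT_LEN - 2, SUBTYPE_MN_HA) or key is None:
        return False, "MIPV6-AUTH-FAIL"
    mac = hmac.new(key, _mobility_data(coa, hoa, mh[:-AUTH_LEN]), hashlib.sha1)
    if not hmac.compare_digest(mac.digest()[:AUTH_LEN], mh[-AUTH_LEN:]):
        return False, "MIPV6-AUTH-FAIL"
    # MAC is good, so the options are authentic: now insist on a fresh timestamp.
    pos, end, timestamp = 6 + MSG_DATA_LEN, len(mh) - AUTH_OPT_LEN, None
    while pos < end:
        if mh[pos] == OPT_PAD1:
            pos += 1
            continue
        otype, olen = mh[pos], mh[pos + 1]
        if otype == OPT_REPLAY and olen == 8:
            secs, frac = struct.unpack("!II", mh[pos + 2:pos + 10])
            timestamp = secs - NTP_OFFSET + frac / (1 << 32)
        pos += 2 + olen
    if timestamp is None:
        return False, "MIPV6-MESG-ID-REQD"
    if abs(now - timestamp) > window:
        return False, "MIPV6-ID-MISMATCH"
    return True, "OK"


def demo() -> dict:
    """Constructed MN/HA exchange: BU checked at the HA, BA checked at the MN,
    plus the rejections. Key, SPI, addresses and times are sample values."""
    key = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
    spi = 0x1001
    keys = {spi: key}
    hoa, coa = "2001:db8:1::1", "2001:db8:2::abcd"
    t0 = 1314301802.0                               # 2011-08-25 19:50:02 UTC
    bu_data = struct.pack("!HHH", 42, 0x8000, 600)  # seq, flags (A bit), lifetime
    ba_data = struct.pack("!BBHH", 0, 0, 42, 600)   # status, K/reserved, seq, lifetime
    bu = build_mh(MH_TYPE_BU, bu_data, spi, key, coa, hoa, t0)
    ba = build_mh(MH_TYPE_BA, ba_data, spi, key, coa, hoa, t0 + 0.2)
    tampered = bu[:11] + bytes([bu[11] ^ 0x01]) + bu[12:]   # flip a Lifetime bit
    return {
        "bu_at_ha": verify_mh(bu, keys, coa, hoa, now=t0 + 0.1),
        "ba_at_mn": verify_mh(ba, keys, coa, hoa, now=t0 + 0.3),
        "tampered": verify_mh(tampered, keys, coa, hoa, now=t0 + 0.1),
        "replayed": verify_mh(bu, keys, coa, hoa, now=t0 + 3600),
        "wrong_key": verify_mh(bu, {spi: bytes(16)}, coa, hoa, now=t0 + 0.1),
    }
```

Two things worth noting when reading the result. The authenticator is checked before the timestamp so that the replay decision is taken on an authenticated value, and a message without the Replay Protection option is refused rather than accepted on the strength of the MAC alone, since the MN-HA option by itself has no freshness. "Mutual" here means exactly that both ends prove possession of the same symmetric MN-HA key; what binds that key to a subscriber identity is the provisioning step (in RFC 4285, the MN-AAA subtype and the AAA server behind it), which is the part the thread's EAP-versus-Mobile-IP discussion is really about.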