IETF Logo Mail Archive

Re: [MEXT] FW: New Version Notification for draft-bajko-mext-sod-02.txt

Julien Laganier <julien.ietf@gmail.com> Mon, 18 July 2011 18:47 UTC

Return-Path: <julien.ietf@gmail.com>
X-Original-To: mext@ietfa.amsl.com
Delivered-To: mext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7670F21F8B8A for <mext@ietfa.amsl.com>; Mon, 18 Jul 2011 11:47:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.491
X-Spam-Level:
X-Spam-Status: No, score=-3.491 tagged_above=-999 required=5 tests=[AWL=0.108, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gfCOkdzFijEX for <mext@ietfa.amsl.com>; Mon, 18 Jul 2011 11:47:50 -0700 (PDT)
Received: from mail-fx0-f54.google.com (mail-fx0-f54.google.com [209.85.161.54]) by ietfa.amsl.com (Postfix) with ESMTP id 6269321F8B89 for <mext@ietf.org>; Mon, 18 Jul 2011 11:47:50 -0700 (PDT)
Received: by fxe4 with SMTP id 4so8183345fxe.27 for <mext@ietf.org>; Mon, 18 Jul 2011 11:47:49 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=QT7dIwPwh9/LhkLBfSaZ0gh3xg6vW4aOOF11zJ0m7To=; b=DhhP7j4Yidx+EQ+YZ3ILqAsXbogC4dDAGelEYyhrrmJALDeLzxRATCboDo1Fd7hLGt xXDWsiil/Mb1H8Pa8PjIvOU2jiyn3beYe32zPLivBHQhGKkbxAMguNc4S2wuwUmnUUUU XfxAyjSwmAXc1jCOc5/WATAlRqXwCiWKCIbxk=
MIME-Version: 1.0
Received: by 10.204.23.74 with SMTP id q10mr1869698bkb.270.1311014867881; Mon, 18 Jul 2011 11:47:47 -0700 (PDT)
Received: by 10.204.62.77 with HTTP; Mon, 18 Jul 2011 11:47:47 -0700 (PDT)
In-Reply-To: <CA48898C.212E3%sgundave@cisco.com>
References: <CA437A9B.1BB43%basavaraj.patil@nokia.com> <CA48898C.212E3%sgundave@cisco.com>
Date: Mon, 18 Jul 2011 11:47:47 -0700
Message-ID: <CAE_dhjvHqT5bT=HhzUSBTY429oaozRMeGTqrbXR1vjN6vrafYQ@mail.gmail.com>
From: Julien Laganier <julien.ietf@gmail.com>
To: Sri Gundavelli <sgundave@cisco.com>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Cc: mext@ietf.org, Basavaraj.Patil@nokia.com
Subject: Re: [MEXT] FW: New Version Notification for draft-bajko-mext-sod-02.txt
X-BeenThere: mext@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Mobile IPv6 EXTensions WG <mext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mext>, <mailto:mext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/mext>
List-Post: <mailto:mext@ietf.org>
List-Help: <mailto:mext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mext>, <mailto:mext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 18 Jul 2011 18:47:51 -0000

Hi Sri,

Thanks for reviewing the draft. Re: point #2 below, IKEv2 is a mean
for HA and MN to negotiate IPsec Security Association. My
understanding of this draft is that it provides a mean for HA and MN
to negotiate the IPsec Security Policy that govern exchange of data
traffic between these two. As such the two are not exclusive or
redundant, but complimentary.

What do you think?

--julien

On Sun, Jul 17, 2011 at 12:43 PM, Sri Gundavelli <sgundave@cisco.com> wrote:
> Raj:
>
> I've reviwed this draft. Clarifying questions.
>
>
>
> 1. New Mobility option
>
>> data contains a location in XML format as defined in RFC5139
>
> I'm bit surprised on the need to carry Civic Location info. I thought it is
> intended for human interpretation. Ex: Building 24, 2nd Floor, in front of
> Starbucks, when this location info in this format is carried in MIP binding
> option, how can the home agent make use of it realistically ? I'm not sure,
> beyond the "S" flag the draft proposes, if this new mobility option is
> needed ? The draft is also not clear on the aspect of negotiation. It
> appears to be more a request in the form of "S" flag in the draft.
>
>
> 2. Use of IKEv2/RFC 4877
>
> If the MN is in a location where it decides to enable security protection
> for the data traffic, it can certainly establish an IPsec SA for the tunnel
> mode ESP. Wondering, if this needs to be achieved over a MIP control plane
> and the advantages with that approach ? Even if this needs to be determined
> after the MIP session set up, still there needs to be IKEv2 protocol
> exchange for creating the SA ? Nothing stops either the HA or the MN to
> create an SA for the tunnel mode ESP.
>
>
> 3. General question
>
> The HA is providing IP mobility service for the mobile node's home address.
> From the mobile node, or a correspondent node perspective, the home agent is
> just a pass through device. Securing the MN-HA link can certainly protects
> all the traffic for some part of the path segment, but it is not sufficient.
> If the argument is that, this is also a consideration for mobility service,
> as Julien/Raj or some one commented when it was presented, but I could not
> agree either way in my head, if this is really a service that the home agent
> needs to offer, or if it should be between the traffic flow end points.
>
> 4. Granularity/Traffic Selectors for Protection
>
> The mobile node may decide not to secure all traffic, as there is some
> pandora/youtube or other garbage traffic, which does not require protection.
> The approach here seems to be enable or disable data plane security. Why not
> try this with the DSMIP traffic flow selectors, as part of access selection
> for a flow, adding a bit to turn or off security might be an option ? You
> get the granularity for traffic protection as well.
>
>
> Regards
> Sri
>
>
>
>
>
>
>
>
> On 7/13/11 2:40 PM, "Basavaraj.Patil@nokia.com" <Basavaraj.Patil@nokia.com>
> wrote:
>
>>
>> We have posted a new version of the I-D. This does not incorporate the
>> review comments from Julien L., Kent Leung, Stefano Faccin and Jouni
>> Korhonen. We hope to do that in Rev 3 of the I-D in the next few weeks.
>>
>> -Raj
>>
>> On 7/11/11 6:10 PM, "ext internet-drafts@ietf.org"
>> <internet-drafts@ietf.org> wrote:
>>
>>> A new version of I-D, draft-bajko-mext-sod-02.txt has been successfully
>>> submitted by Basavaraj Patil and posted to the IETF repository.
>>>
>>> Filename:     draft-bajko-mext-sod
>>> Revision:     02
>>> Title:         Security on Demand for Mobile IPv6 and Dual-stack Mobile
>>> IPv6
>>> Creation date:     2011-07-12
>>> WG ID:         Individual Submission
>>> Number of pages: 9
>>>
>>> Abstract:
>>>   Mobile IPv6 and Dual-stack Mobile IPv6 protocols require the
>>>   signaling messages between the mobile node and home agent to be
>>>   secured.  However security for the user plane/traffic is optional and
>>>   is a choice left to the mobile node.  This document proposes
>>>   extensions to Mobile IPv6 signaling which enables the user plane
>>>   traffic to be secured on a need or on-demand basis.  The mobile node
>>>   or the home agent can request at any time security for the user plane
>>>   traffic.  Security for user plane traffic can be triggered as a
>>>   result of policy or, mobility or, at the user&#39;s choice.
>>>
>>>
>>
>> _______________________________________________
>> MEXT mailing list
>> MEXT@ietf.org
>> https://www.ietf.org/mailman/listinfo/mext
>
> _______________________________________________
> MEXT mailing list
> MEXT@ietf.org
> https://www.ietf.org/mailman/listinfo/mext
>

v2.8.7 | Report a Bug | By Email