[MEXT] review of draft-bajko-mext-sod-01
jouni korhonen <jouni.nospam@gmail.com> Wed, 09 February 2011 21:19 UTC
Return-Path: <jouni.nospam@gmail.com>
X-Original-To: mext@core3.amsl.com
Delivered-To: mext@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix)
with ESMTP id 76FDE3A67F0 for <mext@core3.amsl.com>;
Wed, 9 Feb 2011 13:19:39 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.599
X-Spam-Level:
X-Spam-Status: No, score=-3.599 tagged_above=-999 required=5
tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com
[127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8Q4ZIvqoRFsJ for
<mext@core3.amsl.com>; Wed, 9 Feb 2011 13:19:38 -0800 (PST)
Received: from mail-bw0-f44.google.com (mail-bw0-f44.google.com
[209.85.214.44]) by core3.amsl.com (Postfix) with ESMTP id 5DC783A67C3 for
<mext@ietf.org>; Wed, 9 Feb 2011 13:19:38 -0800 (PST)
Received: by bwz12 with SMTP id 12so1524949bwz.31 for <mext@ietf.org>;
Wed, 09 Feb 2011 13:19:48 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma;
h=domainkey-signature:from:content-type:content-transfer-encoding
:subject:date:message-id:to:mime-version:x-mailer;
bh=YY4q7i+gMd+ZZDhNuBllV5axVTEapOjfrGdmXXclW0M=;
b=wnTNxfyWB+x4H/RCXozuy/67AVqXxlzSihqIAas8psPiytn9Mz19ETzoynSzNnhjZq
IVsucqID8kpuC2UcOktgkDqC9GA9ARGSNP+jHSU2wyh+hVvnH2YFW4eePCpNh5PtuoDm
wJNYyLUQa+xiEw+aLbv3PWL09E03yK6BNPlls=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma;
h=from:content-type:content-transfer-encoding:subject:date:message-id
:to:mime-version:x-mailer;
b=pacLzuYFba4njDyiFFE0s24ujmAYHo4dEHqT5evlZxsPNmS8X7Fgy3g9cYfuU1D160
YUCdWcAp6Y1708E1j/xmQp4w4/pEvB9JZtDaiYbHdk8Vvb9CG/puNpivK+mLIOwx84Lf
eDJc4JKrtM9WMDByr75QKCNem/sPTBL8ktuDI=
Received: by 10.204.0.65 with SMTP id 1mr7897160bka.111.1297286387638;
Wed, 09 Feb 2011 13:19:47 -0800 (PST)
Received: from a88-112-143-79.elisa-laajakaista.fi
(a88-112-143-79.elisa-laajakaista.fi [88.112.143.79]) by mx.google.com with
ESMTPS id rc9sm511817bkb.14.2011.02.09.13.19.45 (version=TLSv1/SSLv3
cipher=RC4-MD5); Wed, 09 Feb 2011 13:19:46 -0800 (PST)
From: jouni korhonen <jouni.nospam@gmail.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Date: Wed, 9 Feb 2011 23:19:45 +0200
Message-Id: <5ECC386B-CD36-45AE-943D-01F39264242D@gmail.com>
To: mext@ietf.org
Mime-Version: 1.0 (Apple Message framework v1078)
X-Mailer: Apple Mail (2.1078)
Subject: [MEXT] review of draft-bajko-mext-sod-01
X-BeenThere: mext@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Mobile IPv6 EXTensions WG <mext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/mext>,
<mailto:mext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/mext>
List-Post: <mailto:mext@ietf.org>
List-Help: <mailto:mext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mext>,
<mailto:mext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 Feb 2011 21:19:39 -0000
Hi, In Beijing meeting I volunteered to review draft-bajko-mext-sod-01. I'll skip the editorials and such. The text would need some editing for sure ;) * Section 1 As per the current MIP6 [RFC3775] specification, only the MN has the ability to enable security for user-plane traffic. The HA has no ability to force the MN to secure user traffic. Strictly based on rfc3775 yes. However, if IKE is used as the key management protocol, then it is possible to have some level of security level negotiation between the MN and the HA. That approach would not be as dynamic as proposed in the I-D but still.. * Section 2 This section would definitely benefit from having more references to the different technologies/elements listed. Also expanding some of the acronyms would not make harm. * Section 3 response acknowledging the request and setting the flag for user plane traffic security to Null indicating to the MN that the traffic on the link between the MN and HA will not be encrypted. Setting to "Null"..? Do you rather mean the HA modifies the SPD for HA->MN direction accordingly and makes the MN destined user traffic to bypass IPsec? And a similar action needs to be done on the MN for the MN->HA direction. * Section 4.1 S When set, this flag indicates HA acknowledges, or strongly recommends, use of user plane encryption. When clear, HA does not support or allow use of user plane encryption. This also means that the MN has no way of knowing whether the S was unset because a) HA policy said so, or b) HA did not understand the whole thing. In case of b) the MN might want to detach from this particular HA and try to find a HA that supports the feature proposed in this I-D. I see this as an issue that needs to be solved somehow. * Section 4.2 I understand the introduction of this option but would still consider it not being an essential part of the on-demand security enhancement proposed by this I-D. * Section 5 This document does not require actions by IANA. I kind of disagree ;) As a summary. The proposed solution seems useful. Some work on the I-D is though needed. - Jouni
- [MEXT] review of draft-bajko-mext-sod-01 jouni korhonen
- Re: [MEXT] review of draft-bajko-mext-sod-01 Julien Laganier
- Re: [MEXT] review of draft-bajko-mext-sod-01 Basavaraj.Patil
- Re: [MEXT] review of draft-bajko-mext-sod-01 jouni korhonen
- Re: [MEXT] review of draft-bajko-mext-sod-01 Julien Laganier
- [MEXT] review of draft-bajko-mext-sod-01 Stefano Faccin
- Re: [MEXT] review of draft-bajko-mext-sod-01 jouni korhonen
- Re: [MEXT] review of draft-bajko-mext-sod-01 Julien Laganier
- Re: [MEXT] review of draft-bajko-mext-sod-01 Stefano Faccin
- Re: [MEXT] review of draft-bajko-mext-sod-01 Julien Laganier