IETF Logo Mail Archive

Re: [Mip4] Does MIP support RegReq authentication without having to do timekeeping?

Ahmad Muhanna <amuhanna@awardsolutions.com> Thu, 14 March 2013 18:44 UTC

Return-Path: <amuhanna@awardsolutions.com>
X-Original-To: mip4@ietfa.amsl.com
Delivered-To: mip4@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0E81121F8DA8 for <mip4@ietfa.amsl.com>; Thu, 14 Mar 2013 11:44:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Level:
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id s+JuM4-MDP3Z for <mip4@ietfa.amsl.com>; Thu, 14 Mar 2013 11:44:38 -0700 (PDT)
Received: from exprod8og114.obsmtp.com (exprod8og114.obsmtp.com [64.18.3.28]) by ietfa.amsl.com (Postfix) with ESMTP id B5E7121F8D17 for <mip4@ietf.org>; Thu, 14 Mar 2013 11:44:37 -0700 (PDT)
Received: from mail.awardsolutions.com ([66.142.250.98]) (using TLSv1) by exprod8ob114.postini.com ([64.18.7.12]) with SMTP ID DSNKUUIZtL10+/qhTDV2innEZ5d1X6MEhI+m@postini.com; Thu, 14 Mar 2013 11:40:53 PDT
Received: from REDWOOD.usa.awardsolutions.com ([fe80::a1f1:7708:4a71:9fee]) by Redwood.usa.awardsolutions.com ([fe80::a1f1:7708:4a71:9fee%11]) with mapi id 14.01.0438.000; Thu, 14 Mar 2013 13:44:35 -0500
From: Ahmad Muhanna <amuhanna@awardsolutions.com>
To: Alexandru Petrescu <alexandru.petrescu@gmail.com>, Mobile IPv4 Mailing List <mip4@ietf.org>
Thread-Topic: [Mip4] Does MIP support RegReq authentication without having to do timekeeping?
Thread-Index: AQHOINhsTBPzIQFtNkS6cO9qzV4P1pilhFTw
Date: Thu, 14 Mar 2013 18:44:34 +0000
Message-ID: <3359F724933DFD458579D24EAC769098857A51DC@Redwood.usa.awardsolutions.com>
References: <514206FE.7050807@gmail.com>
In-Reply-To: <514206FE.7050807@gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.25.208.42]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: Re: [Mip4] Does MIP support RegReq authentication without having to do timekeeping?
X-BeenThere: mip4@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Mobility for IPv4 <mip4.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mip4>, <mailto:mip4-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/mip4>
List-Post: <mailto:mip4@ietf.org>
List-Help: <mailto:mip4-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mip4>, <mailto:mip4-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 14 Mar 2013 18:44:39 -0000

Hi Alex,

As far as I recall, RFC2002 and all updates afterwards, allow the use of nonce.
Basically like a challenge.

>From implementation prospective; I would allow both to coexist as follows:
1. Both HA and MR uses timestamp as normal and no issue there.
2. When the MR fails or start NOT to have a valid time, the MR should have remembered the last RRP ID which is based on timestamp and use that for Re-Registration.
3. At the HA, it should check timestamp first, if it passes then timestamp continues to work; if it fails, the HA should check the Re-Registration ID against the last ID that was sent in the last RRP, if it is the same, the HA should allow the RRP to go through.

I Hope this helps!

Cheers!

Best Regards,
Ahmad

-----Original Message-----
From: mip4-bounces@ietf.org [mailto:mip4-bounces@ietf.org] On Behalf Of Alexandru Petrescu
Sent: Thursday, March 14, 2013 12:21 PM
To: Mobile IPv4 Mailing List
Subject: [Mip4] Does MIP support RegReq authentication without having to do timekeeping?

MIP4 participants,

I would like to learn whether Mobile IPv4 spec supports an authentication scheme for RegReq/RegRep which does not rely on timekeeping.

Let me explain why.

We use a Mobile Router in a moving network that gets connected to the Home Agent.  The Mobile Router's power supply may be turned off (its battery dies out after an extended period of inactivity, like in a vehicle).  At that point the MR looses its time.

When it finally wakes up, it has to perform a Registration Req/Rep with the HA, without assuming that its time is correct.  Or, the MIP4 regreq/regrep HA implementation that we use seems to rely on having the right time, otherwise the registration fails.

Under these conditions, is it possible to use an auth mechanism which does not rely on timekeeping?

Alex

--
Mip4 mailing list: Mip4@ietf.org
    Web interface: https://www.ietf.org/mailman/listinfo/mip4
     Charter page: http://www.ietf.org/html.charters/mip4-charter.html
Supplemental site: http://www.mip4.org/

v2.23.0 | Report a Bug | By Email