Re: [Mip6] Comments for draft-ietf-mip6-rfc4285bis-00.txt
Hannes Tschofenig <Hannes.Tschofenig@gmx.net> Mon, 24 September 2007 13:55 UTC
Return-path: <mip6-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1IZoOu-0002M0-WB; Mon, 24 Sep 2007 09:55:05 -0400
Received: from [10.90.34.44] (helo=chiedprmail1.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1IZoOt-0002Ld-IA for mip6@ietf.org; Mon, 24 Sep 2007 09:55:03 -0400
Received: from mail.gmx.net ([213.165.64.20]) by chiedprmail1.ietf.org with smtp (Exim 4.43) id 1IZoOs-0001lT-K2 for mip6@ietf.org; Mon, 24 Sep 2007 09:55:03 -0400
Received: (qmail invoked by alias); 24 Sep 2007 13:55:01 -0000
Received: from socks-ic-ext.mch.sbs.de (EHLO [194.138.17.187]) [194.138.17.187] by mail.gmx.net (mp052) with SMTP; 24 Sep 2007 15:55:01 +0200
X-Authenticated: #29516787
X-Provags-ID: V01U2FsdGVkX1/SLwI42AjS24kr/9t06b0wLXXxWqFbKY1t/i0s+n b5Z8YFXzANUKVD
Message-ID: <46F7C1B3.4020105@gmx.net>
Date: Mon, 24 Sep 2007 15:54:59 +0200
From: Hannes Tschofenig <Hannes.Tschofenig@gmx.net>
User-Agent: Thunderbird 2.0.0.6 (Windows/20070728)
MIME-Version: 1.0
To: "Chowdhury, Kuntal" <kchowdhury@starentnetworks.com>
Subject: Re: [Mip6] Comments for draft-ietf-mip6-rfc4285bis-00.txt
References: <7CCD07160348804497EF29E9EA5560D7024DA60A$0001@exchtewks2.starentnetworks.com> <46F7A714.50207@gmx.net>
In-Reply-To: <46F7A714.50207@gmx.net>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Y-GMX-Trusted: 0
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 29dc808194f5fb921c09d0040806d6eb
Cc: Mobile IPv6 Mailing List <mip6@ietf.org>
X-BeenThere: mip6@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: mip6.ietf.org
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/mip6>, <mailto:mip6-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:mip6@ietf.org>
List-Help: <mailto:mip6-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/mip6>, <mailto:mip6-request@ietf.org?subject=subscribe>
Errors-To: mip6-bounces@ietf.org
Hi Kuntal, I wanted to be a bit more specific about the feedback regarding the timestamp-based replay protection technique. I believe the following two paragraphs should make everything clear. In Section 5.2 of http://tools.ietf.org/html/draft-ietf-mip6-rfc4285bis-00 you could write: " When the MN-AAA authentication mobility option is present in a BU the mobility message replay protection in section 6 option SHOULD be used. " At the end of Section 6 of http://tools.ietf.org/html/draft-ietf-mip6-rfc4285bis-00 you should indicate: " If the Mobile Node receives a Binding Acknowledgement with the code MIPV6-ID-MISMATCH, which is a response to a BU containing a MN-AAA authentication mobility option, and the authentication of the BA succeeds, the Mobile Node MUST resend the BU including the MN-AAA authentication mobility option, using the updated timestamp value. " The text about resynchronization of the timestamp between the MN <-> HA is already in the draft but the statement regarding the the MN-AAA usage is missing. This paragraph would provide that statement. Ciao Hannes Hannes Tschofenig wrote: > Hi Kuntal, > > Chowdhury, Kuntal wrote: >> Hi Hannes, >> >> Sorry for the late follow-up on this. Please see inline... >> >> -Kuntal >> >> >> >>> -----Original Message----- >>> From: Hannes Tschofenig [mailto:Hannes.Tschofenig@gmx.net] >>> Sent: Saturday, September 01, 2007 3:13 PM >>> To: Mobile IPv6 Mailing List >>> Subject: [Mip6] Comments for draft-ietf-mip6-rfc4285bis-00.txt >>> >>> Re-reading draft-ietf-mip6-rfc4285bis-00.txt I noticed a couple of >>> >> things. >> >>> * The references are out of date >>> >>> Example: draft-ietf-mip6-mn-ident-option-03.txt become RFC 4283 in >>> >> 2005. >> [KC>] Fixed. >> >> >>> * RFC 3344 is a normative reference without a reason >>> >>> >> [KC>] will be moved under informative references. >> >> >>> * More RFC 2119 language is needed. When someone reads through the >>> >> text >> >>> then the places are pretty obvious. I could list them, if someone >>> >> cares. >> [KC>] We will add RFC 2119 in the reference list. The Terminology >> section already points to RCC 2119. What else is needed? >> >> > I noticed that a couple of MUST, SHOULD and MAYs in the document need > to be capitalized. > I can spot them for you, if you want. > >>> * Replay Protection: There is no mandatory to implement replay >>> protection technique. To me it seems that only the timestamp based >>> replay protection really seems to be usable when used in combination >>> with the AAA infrastructure. >>> >>> >> [KC>] I am not sure why so. It is true that only timestamp based relay >> protection scheme is specified in the current version of the I-D, but >> that should not necessitate use of an AAA infrastructure! > There are two separate issues regarding replay protection here. First, > there is the replay protection between the HA and the MN and then > there is replay protection also needed between MN and AAAS. For the > latter you have to mandate the usage of timestamp based replay > protection and resynchronization in order to get a working system. So > far, only timestamp based replay protection is described for the > interaction between MN to AAAs (unless you consider the extensions in > draft-devarapalli-mip6-authprotocol-bootstrap-02.txt). > > I can provide the text for you to make it clearer for you what I > actually mean. > > >> Anyway, please refer to Appendix A (Rationale for mobility message >> replay protection option) for further details on the reason for >> selecting timestamp based replay protection mode. >> >> > The appendix is fine with respect to the replay protection between MN > and HA. > > Ciao > Hannes > >>> Ciao >>> Hannes >>> >>> >>> _______________________________________________ >>> Mip6 mailing list >>> Mip6@ietf.org >>> https://www1.ietf.org/mailman/listinfo/mip6 >>> >> >> >> "This email message and any attachments are confidential information >> of Starent Networks, Corp. The information transmitted may not be >> used to create or change any contractual obligations of Starent >> Networks, Corp. Any review, retransmission, dissemination or other >> use of, or taking of any action in reliance upon this e-mail and its >> attachments by persons or entities other than the intended recipient >> is prohibited. If you are not the intended recipient, please notify >> the sender immediately -- by replying to this message or by sending >> an email to postmaster@starentnetworks.com -- and destroy all copies >> of this message and any attachments without reading or disclosing >> their contents. Thank you." >> > > _______________________________________________ Mip6 mailing list Mip6@ietf.org https://www1.ietf.org/mailman/listinfo/mip6
- [Mip6] Comments for draft-ietf-mip6-rfc4285bis-00… Hannes Tschofenig
- RE: [Mip6] Comments for draft-ietf-mip6-rfc4285bi… Ahmad Muhanna
- RE: [Mip6] Comments for draft-ietf-mip6-rfc4285bi… Chowdhury, Kuntal
- Re: [Mip6] Comments for draft-ietf-mip6-rfc4285bi… Hannes Tschofenig
- Re: [Mip6] Comments for draft-ietf-mip6-rfc4285bi… Hannes Tschofenig
- RE: [Mip6] Comments for draft-ietf-mip6-rfc4285bi… Chowdhury, Kuntal