Re: [Mip6] comments about draft-ietf-mip6-ikev2-ipsec-03.txt
Vijay Devarapalli <vijayd@iprg.nokia.com> Mon, 24 October 2005 03:53 UTC
Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1ETtOc-0001PW-5m; Sun, 23 Oct 2005 23:53:14 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1ETtOa-0001PD-7g for mip6@megatron.ietf.org; Sun, 23 Oct 2005 23:53:12 -0400
Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id XAA11018 for <mip6@ietf.org>; Sun, 23 Oct 2005 23:52:59 -0400 (EDT)
Received: from darkstar.iprg.nokia.com ([205.226.5.69]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1ETtbF-0001kE-Cb for mip6@ietf.org; Mon, 24 Oct 2005 00:06:18 -0400
Received: (from root@localhost) by darkstar.iprg.nokia.com (8.11.0/8.11.0-DARKSTAR) id j9O3K1904714; Sun, 23 Oct 2005 20:20:01 -0700
X-mProtect: <200510240320> Nokia Silicon Valley Messaging Protection
Received: from da-niradhcp16563.americas.nokia.com (10.241.165.63, claiming to be "[127.0.0.1]") by darkstar.iprg.nokia.com smtpdIvLqfh; Sun, 23 Oct 2005 20:20:00 PDT
Message-ID: <435C5A8C.7020908@iprg.nokia.com>
Date: Sun, 23 Oct 2005 20:52:44 -0700
From: Vijay Devarapalli <vijayd@iprg.nokia.com>
User-Agent: Mozilla Thunderbird 1.0.7 (Windows/20050923)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Francis Dupont <Francis.Dupont@enst-bretagne.fr>
Subject: Re: [Mip6] comments about draft-ietf-mip6-ikev2-ipsec-03.txt
References: <200510221013.j9MADilC064652@givry.rennes.enst-bretagne.fr>
In-Reply-To: <200510221013.j9MADilC064652@givry.rennes.enst-bretagne.fr>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Spam-Score: 0.0 (/)
X-Scan-Signature: cd26b070c2577ac175cd3a6d878c6248
Content-Transfer-Encoding: 7bit
Cc: mip6@ietf.org, vijay.devarapalli@nokia.com
X-BeenThere: mip6@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: mip6.ietf.org
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/mip6>, <mailto:mip6-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:mip6@ietf.org>
List-Help: <mailto:mip6-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/mip6>, <mailto:mip6-request@ietf.org?subject=subscribe>
Sender: mip6-bounces@ietf.org
Errors-To: mip6-bounces@ietf.org
Francis Dupont wrote: > > > In 5.4 page 11 I can't see a trace of the protocol=MH option... > > > > 5.4 is about payload traffic. that means protocol = 'any'. > > > > => so perhaps we should add a subsection here to explain how to do > > the protocol=MH option (which is easier than the "any" because it is > > not equivalent to a transport mode applied to a tunnel). Note I have > > the same concern about 6.1.4 (where currently proto = X ?! :-). > > I made a mistake in my earlier mail. it shouldnt have been 'any'. > it should have been 'X', which 'X' stands for a particular > protocol. perhaps thats enough? > > => the word any was overloaded in RFC 3776 section 3.4, in fact there are > 3 cases: > - X is really an any protocol > - X is MH > - X stands for all protocols (i.e., 'any') > This has to be solved in the introduction as the DB entries look similar. I could add a sentence saying by payload we mean all traffic excluding MIPv6 signaling messages. > > > In 6.3 page 18: > > > > > > ... on the mobile node > > > when it receives the Binding acknowledgement sent by the home agent. > > > > > > => I discussed this with Shinta-san and the endpoint update is performed > > > by the mobile node after it sends the BU, i.e., the MN doesn't wait for > > > the BA. Cf draft-sugimoto-mip6-pfkey-migrate-01.txt 4.1.2 page 7. > > > > I dont mind making the change, but do you think the mobile node > > can start using the new CoA for tunneled packets before it is > > sure the BU has been processed by the HA? > > > > => usually it can't use the old CoA... and we can be optimistic. > > Note the HA should not check the outer source address (cf RFC 2401(bis)) > > so if the BU fails the issue will be for returned traffic (CN->HA->MN). > > I went back and looked at the text. it talks about the IKE SA. > data traffic wont be sent over the IKE SA. I guess there is > no urgent need to update the IKE SA? > > => The discussion with Shinta-san was about the SPD and SAD update > but the IKE SA can be updated in fact at the same time. The only > thing to wait for the BAck gives is the K flag from the HA so > if the MN but not the HA support the K stuff the IKE SA is not > updated then reestablished... IMHO this doesn't matter and we > have clearly a case of overspecification. I can see two ways > to solve this: > - remove the "and on the mobile node" > - add in the "and on the mobile node" the alternative. > I believe the second is a bit better so the text should be: > > If the mobile node moves and its care-of address changes, the IKEv2 > SA might not be valid, unless the mobility extensions defined in [13] > are implemented by both the mobile node and the home agent. RFC 3775 > defines a mechanism based on the successful exchange of Binding > Update and Binding Acknowledgement messages. The IKE SA endpoints > are updated on the home agent when it receives the Binding Update > from the mobile node's new care-of address and on the mobile node > when it sends the Binding Update to the home agent or when it receives > the Binding Acknowledgement sent by the home agent. > This capability to change IKE endpoints is indicated through setting > the Key Management Capability (K) flag [2] in the Binding Update and > Binding Acknowledgement messages. If the mobile node or the home > agent does not support this capability, then an IKEv2 exchange MUST > be initiated to re-establish the IKE SA. > > (PS: note the uppercase in Acknowledgement) okay. Vijay _______________________________________________ Mip6 mailing list Mip6@ietf.org https://www1.ietf.org/mailman/listinfo/mip6
- [Mip6] comments about draft-ietf-mip6-ikev2-ipsec… Francis Dupont
- Re: [Mip6] comments about draft-ietf-mip6-ikev2-i… Vijay Devarapalli
- Re: [Mip6] comments about draft-ietf-mip6-ikev2-i… Francis Dupont
- Re: [Mip6] comments about draft-ietf-mip6-ikev2-i… Vijay Devarapalli
- Re: [Mip6] comments about draft-ietf-mip6-ikev2-i… Francis Dupont
- RE: [Mip6] comments about draft-ietf-mip6-ikev2-i… Soliman, Hesham
- Re: [Mip6] comments about draft-ietf-mip6-ikev2-i… Francis Dupont
- Re: [Mip6] comments about draft-ietf-mip6-ikev2-i… Vijay Devarapalli
- Re: [Mip6] comments about draft-ietf-mip6-ikev2-i… Vijay Devarapalli
- Re: [Mip6] comments about draft-ietf-mip6-ikev2-i… Francis Dupont