Re: [Mip6] Bootstrapping DT solution draft

Christian Vogt <chvogt@tm.uka.de> Wed, 20 July 2005 19:40 UTC

Message-ID: <42DEA893.3000804@tm.uka.de>
Date: Wed, 20 Jul 2005 21:40:03 +0200
From: Christian Vogt <chvogt@tm.uka.de>
To: Gerardo Giaretta <Gerardo.Giaretta@TILAB.COM>
Subject: Re: [Mip6] Bootstrapping DT solution draft
References: <DA62A6E0CDD1B34A84557FF1AC850C5769E4BC@EXC01B.cselt.it>
In-Reply-To: <DA62A6E0CDD1B34A84557FF1AC850C5769E4BC@EXC01B.cselt.it>
Cc: mip6@ietf.org

Hi Gerardo, hi DT members,

thanks for the bootstrapping I-D; you did a very good job!

Some comments (and questions) from my side:

(1)  The DT draft doesn't yet specify the backend AAA protocol, e.g., a
Diameter application.  Is this your next step?  (IMO, considering a
split scenario makes sense only when you specify the AAA protocol, too,
because that AAA protocol---neither the DNS lookup nor the MN-HA IKEv2
exchange---is affected by the split.)

(2)  Draft-ietf-mip6-ikev2-ipsec-01.txt already defines how to
dynamically assign a HoA during the IKEv2 handshake.  Why do you use
different Configuration Payloads?

(3) In order to contact DNS, the MN needs IP connectivity.  Is your
assumption that the visited network (ASP/ASA) authorizes the MN for IP
connectivity first, and the MN bootstraps Mobile IPv6 thereafter?  (This
would preclude an all-in-one solution like, e.g., the one described in
draft-le-aaa-diameter-mobileipv6-04.txt.)

(4) Are you assuming that the DNS server belongs to the MSA?  If not,
the MN probably won't have an SA with the DNS server, so DNS requests
are unauthenticated and DNS responses are not encrypted.  (Note that I
am NOT talking about DNS updates here.)  As a consequence, information
about the home topology is accessible to anybody.  Is this an issue?

(5)  The DNS server can store multiple HA addresses, so dynamic HA
assignment is possible in principle.  Do you assume that the DNS server
is in charge of load balancing or that it can assign a HA topologically
close to the MN?  (Fault tolerance could be handled by DHAAD.)

All right then.

- Christian

--
Christian Vogt, Institute of Telematics, University of Karlsruhe
www.tm.uka.de/~chvogt/pubkey/



Gerardo Giaretta wrote:
> Dear WG,
>
> the bootstrapping DT has submitted a solution draft. The document
> defines how a Mobile Node can bootstrap MIPv6 operations from
> non-topological information and pre-configured security credentials. The
> solution solves the bootstrapping problem when the Mobile Node's mobility
> service is authorized by a different service provider than basic network
> access (i.e. split scenario).
>
> The draft can be found at
> http://www.ietf.org/internet-drafts/draft-ietf-mip6-bootstrapping-split-00.txt.
>
> The DT is currently working on optimized solutions for integrated
> scenario (i.e. mobility service and basic network access are authorized
> by the same entity).
>
> Please read the document and provide comments.
>
> Thanks and regards,
>
> --Gerardo (DT editor)
