[Mip6] Comments on draft-ietf-mip6-mn-ident-option-00.txt
Jari Arkko <jari.arkko@kolumbus.fi> Sat, 18 December 2004 19:52 UTC
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA14341 for <mip6-web-archive@ietf.org>; Sat, 18 Dec 2004 14:52:13 -0500 (EST)
Received: from megatron.ietf.org ([132.151.6.71]) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1Cfklb-0002hk-Ne for mip6-web-archive@ietf.org; Sat, 18 Dec 2004 15:01:27 -0500
Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1Cfkac-0002xk-LK; Sat, 18 Dec 2004 14:50:06 -0500
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1CfkYm-0002NB-Er for mip6@megatron.ietf.org; Sat, 18 Dec 2004 14:48:12 -0500
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA14043 for <mip6@ietf.org>; Sat, 18 Dec 2004 14:48:10 -0500 (EST)
Received: from p130.piuha.net ([193.234.218.130]) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1Cfkhg-0002aW-43 for mip6@ietf.org; Sat, 18 Dec 2004 14:57:24 -0500
Received: from kolumbus.fi (p130.piuha.net [193.234.218.130]) by p130.piuha.net (Postfix) with ESMTP id 4C4D3898A6 for <mip6@ietf.org>; Sat, 18 Dec 2004 21:47:39 +0200 (EET)
Message-ID: <41C48949.9080005@kolumbus.fi>
Date: Sat, 18 Dec 2004 21:47:21 +0200
From: Jari Arkko <jari.arkko@kolumbus.fi>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7b) Gecko/20040316
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: mip6@ietf.org
References: <697DAA22C5004B4596E033803A7CEF4403B1C2D5@daebe007.americas.nokia.com>
In-Reply-To: <697DAA22C5004B4596E033803A7CEF4403B1C2D5@daebe007.americas.nokia.com>
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 8fbbaa16f9fd29df280814cb95ae2290
Content-Transfer-Encoding: 7bit
Subject: [Mip6] Comments on draft-ietf-mip6-mn-ident-option-00.txt
X-BeenThere: mip6@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: mip6.ietf.org
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/mip6>, <mailto:mip6-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:mip6@ietf.org>
List-Help: <mailto:mip6-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/mip6>, <mailto:mip6-request@ietf.org?subject=subscribe>
Sender: mip6-bounces@ietf.org
Errors-To: mip6-bounces@ietf.org
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 7da5a831c477fb6ef97f379a05fb683c
Content-Transfer-Encoding: 7bit
I have reviewed this document. Here are my comments: Substantial: > [RFC2486] Aboba, B. and M. Beadles, "The Network Access Identifier", RFC 2486, January 1999. It may be appropriate to refer to draft-ietf-radext-rfc2486bis-03.txt instead. This document is in IETF LC at the moment, which means that its in front of the ident-option draft; reference delay should not be a problem. One good reason for switching to the bis reference is that the ABNF in the original RFC had a number of problems. > If this option is present in the Binding Update, it MUST be included in the corresponding reply (Binding Acknowledgement). Hmm... why? Does not seem to be grounds for a MUST. But I wonder why you need it in the first place. > 5. IANA Considerations This one is missing the text about the subtype registry. Here's a suggestion: In addition, the IANA needs to create a new namespace for the subtype field of the Mobile Node Identifier Option. The currently allocated values are as follows: NAI (defined in this document) [1] New values for this namespace can be allocated using Standards Action [RFC 2434]. > it MUST be present in all subsequent Binding Updates > used to renew the binding cache entry. Is this really necessary? Presumably you could store the identifier in the BCE. This would also provide some privacy benefits, see also below. > 4. Security Considerations > > None. This document defines new identifiers for a mobile node and > does not introduce new security threats. I don't think this covers it completely. Here's some suggested text that deals with a few issues: Mobile IPv6 already contains one mechanism for identifying mobile nodes, the Home Address Option [RFC 3775]. As a result, the vulnerabilities of the new option defined in this document are similar to those that already exist for Mobile IPv6. In particular, the use of a permanent, stable identifier may compromise the privacy of the user, making it possible to track a particular device or user as it moves through different locations. In addition, since an NAI reveals the home affiliation of a user, it may assist an attacker in determining the identity of the user, help the attacker in targeting specific victims, or assist in further probing of the username space. These vulnerabilities can be addressed through various mechanisms, such as those discussed below: o Encrypting traffic at link layer such that other users on the same link do not see the identifiers. This mechanism does not help against attackers on the rest of the path between the mobile node and its home agent. o Encrypting the whole packet, such as when using IPsec to protect the communications with the home agent [RFC 3776]. o Using an authentication mechanism that enables the use of privacy NAIs [RFC2486bis] or temporary, changing "pseudonyms" as identifiers. In any case, it should be noted that as the identifier option is only needed on the first registration at the home agent and subsequent registrations can use the home address, the window of privacy vulnerability in this document is reduced as compared to the RFC 3775. In addition, this document is a part of a solution to allow dynamic home addresses to be used. This is an improvement to privacy as well, and affects both communications with the home agent and the correspondent nodes, both of which have to be told the home address. > The MN-NAI mobility option uses an identifier of the form user@realm > [RFC2486]. Perhaps you could indicate whether you allow the use of the privacy, internationalization, or bang syntaxes from RFC2486bis. Editorial: > Alignment requirements: > > This option does not have any alignment requirements. This looks like a field description. Change to: > This option does not have any alignment requirements. (That is, indent as regular text and delete the heading.) > Title: MN Identifier Option for Mobile IPv6 Change to "Mobile Node Identifier Option for Mobile IPv6". > 3. MN Identifier option 3.1 MN-NAI mobility option I guess I'm confused here. You are defining just one Mobile IPv6 option. I think its name should be the "Mobile Node Identifier Option". If you want to have a subsection 3.1 to talk about the case when the type of identifier is a NAI, that's fine. But the current 3.1. sounds like you were defining another option. > authentication enabling extension Change to "authentication related extension" > IANA should record value for this new Mobility Option. ... should record *a* value ... --Jari _______________________________________________ Mip6 mailing list Mip6@ietf.org https://www1.ietf.org/mailman/listinfo/mip6
- [Mip6] WG LC (Deadline Dec 18th, 04) for I-Ds: dr… Basavaraj.Patil
- Re: [Mip6] WG LC (Deadline Dec 18th, 04) for I-Ds… Junghoon Jee
- Re: [Mip6] WG LC (Deadline Dec 18th, 04) for I-Ds… Francis Dupont
- Re: [Mip6] Comments on draft-ietf-mip6-auth-proto… Jari Arkko
- Re: [Mip6] WG LC (Deadline Dec 18th, 04) for I-Ds… Vijay Devarapalli
- Re: [Mip6] WG LC (Deadline Dec 18th, 04) for I-Ds… Charlie P
- Re: [Mip6] WG LC (Deadline Dec 18th, 04) for I-Ds… Kent Leung
- Re: [Mip6] WG LC (Deadline Dec 18th, 04) for I-Ds… James Kempf
- Re: [Mip6] WG LC (Deadline Dec 18th, 04) for I-Ds… Rajeev Koodli
- Re: [Mip6] WG LC (Deadline Dec 18th, 04) for I-Ds… Kent Leung
- Re: [Mip6] WG LC (Deadline Dec 18th, 04) for I-Ds… Wing Cheong Lau
- RE: [Mip6] WG LC (Deadline Dec 18th, 04) for I-Ds… alpesh
- RE: [Mip6] Comments on draft-ietf-mip6-auth-proto… alpesh
- Re: [Mip6] WG LC (Deadline Dec 18th, 04) for I-Ds… Kent Leung
- Re: [Mip6] WG LC (Deadline Dec 18th, 04) for I-Ds… James Kempf
- RE: [Mip6] WG LC (Deadline Dec 18th, 04) for I-Ds… alpesh
- [Mip6] Comments on draft-ietf-mip6-mn-ident-optio… Jari Arkko
- [Mip6] Comments on draft-ietf-mip6-auth-protocol-… Jari Arkko
- Re: [Mip6] WG LC (Deadline Dec 18th, 04) for I-Ds… Francis Dupont
- Re: [Mip6] Comments on draft-ietf-mip6-auth-proto… AC Mahendran
- RE: [Mip6] WG LC (Deadline Dec 18th, 04) for I-Ds… alpesh
- Re: [Mip6] Comments on draft-ietf-mip6-auth-proto… Charles E. Perkins
- Re: [Mip6] WG LC (Deadline Dec 18th, 04) for I-Ds… Francis Dupont
- Re: [Mip6] WG LC (Deadline Dec 18th, 04) for I-Ds… Francis Dupont
- RE: [Mip6] WG LC (Deadline Dec 18th, 04) for I-Ds… alpesh