RE: [Mip6] Summary of Justification for AlternativeAuthenticationOption
Basavaraj.Patil@nokia.com Fri, 24 September 2004 16:07 UTC
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA20669 for <mip6-web-archive@ietf.org>; Fri, 24 Sep 2004 12:07:19 -0400 (EDT)
Received: from megatron.ietf.org ([132.151.6.71]) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1CAsiS-0004Uq-GE for mip6-web-archive@ietf.org; Fri, 24 Sep 2004 12:14:37 -0400
Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1CAsRv-0001yK-A0; Fri, 24 Sep 2004 11:57:31 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1CAsO7-0001FI-LK for mip6@megatron.ietf.org; Fri, 24 Sep 2004 11:53:35 -0400
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA19873 for <mip6@ietf.org>; Fri, 24 Sep 2004 11:53:33 -0400 (EDT)
From: Basavaraj.Patil@nokia.com
Received: from mgw-x2.nokia.com ([131.228.20.22]) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1CAsV7-0004FB-RW for mip6@ietf.org; Fri, 24 Sep 2004 12:00:51 -0400
Received: from esdks003.ntc.nokia.com (esdks003.ntc.nokia.com [172.21.138.158]) by mgw-x2.nokia.com (Switch-2.2.8/Switch-2.2.8) with ESMTP id i8OFrRL21371; Fri, 24 Sep 2004 18:53:27 +0300 (EET DST)
X-Scanned: Fri, 24 Sep 2004 18:51:55 +0300 Nokia Message Protector V1.3.31 2004060815 - RELEASE
Received: (from root@localhost) by esdks003.ntc.nokia.com (8.12.9/8.12.9) id i8OFptSL029942; Fri, 24 Sep 2004 18:51:55 +0300
Received: from mgw-int2.ntc.nokia.com (172.21.143.97) by esdks003.ntc.nokia.com 00yYanP7; Fri, 24 Sep 2004 18:51:53 EEST
Received: from daebh002.NOE.Nokia.com (daebh002.americas.nokia.com [10.241.35.122]) by mgw-int2.ntc.nokia.com (Switch-2.2.8/Switch-2.2.8) with ESMTP id i8OFplS25453; Fri, 24 Sep 2004 18:51:47 +0300 (EET DST)
Received: from daebe007.NOE.Nokia.com ([10.241.35.107]) by daebh002.NOE.Nokia.com with Microsoft SMTPSVC(5.0.2195.6881); Fri, 24 Sep 2004 10:51:40 -0500
x-mimeole: Produced By Microsoft Exchange V6.0.6487.1
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Subject: RE: [Mip6] Summary of Justification for AlternativeAuthenticationOption
Date: Fri, 24 Sep 2004 10:51:38 -0500
Message-ID: <697DAA22C5004B4596E033803A7CEF4403B1BE7C@daebe007.americas.nokia.com>
Thread-Topic: [Mip6] Summary of Justification for AlternativeAuthenticationOption
Thread-Index: AcSh+tHCAvrx9XBMTKCkwIH+9oKyhwAU2neQ
To: kempf@docomolabs-usa.com, mip6@ietf.org, gdommety@cisco.com
X-OriginalArrivalTime: 24 Sep 2004 15:51:40.0020 (UTC) FILETIME=[6180DB40:01C4A24E]
X-Spam-Score: 0.3 (/)
X-Scan-Signature: a87a9cdae4ac5d3fbeee75cd0026d632
Content-Transfer-Encoding: quoted-printable
X-BeenThere: mip6@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: mip6.ietf.org
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/mip6>, <mailto:mip6-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:mip6@ietf.org>
List-Help: <mailto:mip6-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/mip6>, <mailto:mip6-request@ietf.org?subject=subscribe>
Sender: mip6-bounces@ietf.org
Errors-To: mip6-bounces@ietf.org
X-Spam-Score: 0.3 (/)
X-Scan-Signature: 6d95a152022472c7d6cdf886a0424dc6
Content-Transfer-Encoding: quoted-printable
James, I disagree with the need for having such a mechanism in view of the fact that an HA is expected to support both the authentication schemes mandatorily. -BPa > > Gopal, > > I believe you missed the need for some mechanism to allow an > MN to determine > which authentication technique to use. Without this, there is an > interoperability problem, because the MN cannot infer simply from the > failure of the signaling that it should try the other method. > > jak > > ----- Original Message ----- > From: "Gopal Dommety" <gdommety@cisco.com> > To: <mip6@ietf.org> > Sent: Thursday, September 23, 2004 2:55 PM > Subject: [Mip6] Summary of Justification for Alternative > AuthenticationOption > > > > Hello All, > > > > I am attaching a summary of the discussion > that took place on > > justification of an alternate authentication mechanism. > Please let me > know if > > I have left out any important issue in the summary. I could > have also > mis-read > > people opinions, so if there is a correction please let me > know. I will > > send a follow-up > > email with the next steps. > > > > > > Thanks, > > -Gopal > > > > > > Summary > > ======= > > > > The WG has been engaged in a discussion over the last week on the > > topic of standardizing an authentication date suboption based > > mechanism for the purpose of registering an MN with its HA via the > > BU/BAck messages. > > To summarize the discussion in brief: > > 1. The I-D draft-patil-mip6-whyauthdataoption-00.txt was used as the > > baseline for the discussion > > 2. Opinion was expressed that the I-D was more inclined in > justifying > > why the use of IKE was a problem for setting up the > MN-HA IPsec SA > > and not really providing sufficient justifications for an > > alternative scheme to the use of IPsec for securing the > signaling > > messages between the MN and HA > > 3. There were a few people who expressed strong views of > keeping IPsec > > as the only means for MIP6 security between MN and HA > (Francis and > > Hesham (?)) > > 4. There were others who claimed the need for an alternate option to > > MIP6 including one operator who plans to deploy the protocol in > > their network (Raj, James Kempf, Alpesh, Gopal, Kuntal, > Vijay, Michael > Roe) > > 5. There was also a note from an implementers perspective on the > > challenges of integrating MIP6 with IPsec (Michael Roe) > > 6. There was discussion about the problem of replay attacks and the > > need for key refreshment > > 7. IKEv2 is expected to provide a solution to the problem of setting > > up dynamic SAs in networks that rely on AAA > infrastructures. While > > IKEv2 itself has been approved, the details of how IKEv2 is used > > with MIP6 are still being worked out in an I-D that is not ready > > yet. > > 8. There was an opinion that the bootstrap work being done in the WG > > would address the needs of the environment claimed in I-D > > draft-patil-mip6-whyauthdataoption-00.txt > > > > > > _______________________________________________ > > Mip6 mailing list > > Mip6@ietf.org > > https://www1.ietf.org/mailman/listinfo/mip6 > > > > > > _______________________________________________ > Mip6 mailing list > Mip6@ietf.org > https://www1.ietf.org/mailman/listinfo/mip6 > _______________________________________________ Mip6 mailing list Mip6@ietf.org https://www1.ietf.org/mailman/listinfo/mip6
- RE: [Mip6] Summary of Justification for Alternati… Basavaraj.Patil
- Re: [Mip6] Summary of Justification for Alternati… James Kempf
- Re: [Mip6] Summary of Justification for Alternati… Gopal Dommety
- Re: [Mip6] Summary of Justification for Alternati… Gopal Dommety