[Mip6] mip6-precfgkbm-01.txt review
Jari Arkko <jari.arkko@kolumbus.fi> Sun, 15 May 2005 20:41 UTC
Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1DXPvb-0005aC-Rx; Sun, 15 May 2005 16:41:35 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1DXPvZ-0005a7-UJ for mip6@megatron.ietf.org; Sun, 15 May 2005 16:41:34 -0400
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA07746 for <mip6@ietf.org>; Sun, 15 May 2005 16:41:31 -0400 (EDT)
Received: from p130.piuha.net ([193.234.218.130]) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1DXQBy-0005X1-8i for mip6@ietf.org; Sun, 15 May 2005 16:58:31 -0400
Received: from [127.0.0.1] (p130.piuha.net [193.234.218.130]) by p130.piuha.net (Postfix) with ESMTP id D619089879; Sun, 15 May 2005 23:41:09 +0300 (EEST)
Message-ID: <4287B3F0.600@kolumbus.fi>
Date: Sun, 15 May 2005 23:41:20 +0300
From: Jari Arkko <jari.arkko@kolumbus.fi>
User-Agent: Mozilla Thunderbird 1.0 (X11/20041206)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: mip6@ietf.org, Charlie P <charliep@iprg.nokia.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Spam-Score: 0.0 (/)
X-Scan-Signature: e8c5db863102a3ada84e0cd52a81a79e
Content-Transfer-Encoding: 7bit
Cc:
Subject: [Mip6] mip6-precfgkbm-01.txt review
X-BeenThere: mip6@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: mip6.ietf.org
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/mip6>, <mailto:mip6-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:mip6@ietf.org>
List-Help: <mailto:mip6-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/mip6>, <mailto:mip6-request@ietf.org?subject=subscribe>
Sender: mip6-bounces@ietf.org
Errors-To: mip6-bounces@ietf.org
Hi Charlie, As a part of ongoing last call I have reviewed this draft. Overall: - This is a solid draft and, with some modifications, should move forward. Its never been my big favorite due to its limited applicability, but it is also very efficient where it works. More efficient than pretty much anything else anyone has come up with in this space, so... - I found a few areas where you could give more information and context to the reader, e.g., explaining the difference and impacts of using this vs. RFC 3775 mechanisms. - I'm not too happy about all the details in the applicability statement text, but I have provided alternative suggestions. Substantial: - The title, "Precomputable Binding Management Key Kbm for Mobile IPv6" is correct, but at least to me, also not very descriptive from the point of view of what people want from this. What I think most people are interested to hear about is that if you have a preconfigured secret then you can use this draft for an efficient form of RO security. Suggestion: change title to "Securing Mobile IPv6 Route Optimization Using a Shared Key". - Similarly, I think the introduction could say a few words to the reader on how this is different wrt base route optimization security. Suggested text below. "0. Introduction This specification introduces an alternative, low-latency security mechanism for protecting signaling related to the route optimization in Mobile IPv6. The default mechanism specified in [1] uses a periodic return routability test to verify both the "right" of the mobile node to a use a specific home address, as well as the validity of the claimed care-of address. This mechanism requires no configuration and no trusted entities beyond the mobile node's home agent. The mechanism specified in this specification, however, requires the configuration of a shared secret between mobile node and its correspondent node. As a result, messages relating to the routability tests can be omitted, leading to significantly smaller latency. In addition, the right to use a specific address is assured in a stronger manner than in [1]. On the other hand, the applicability of this mechanisms is limited due to the need for pre-configuration. This mechanism is also limited to use only in scenarios where mobile nodes can be trusted to not misbehave, as the validity of the claimed care-of addresses is not verified." - Details about replay protection. The draft says > For this reason, a correspondent > node that uses a precomputable Kbm also MUST keep track of the most > recent value of the Sequence Number field of Binding Update messages > using the precomputable Kbm value. I would be interested in knowing whether this MUST requires you to keep the sequence numbers in nvm storage or if the intent is to only require this on a per-boot basis. The draft might benefit from slight text changes depending on the answer to this question. For instance, per-boot semantics are OK then s/MUST/SHOULD/ might be appropriate. Otherwise the text should probably be explicit about the requirement to do this with nvm storage. - Behavior in a misconfiguration or delayed configuration cases. The draft says... > The Nonce Indices option SHOULD NOT > be present. If it is present, the nonce indices supplied MAY be > ignored and are not included as part of the calculation for the > authentication data, which is to be carried exactly as specified > in [1]. However, this implies that if the preshared secret configuration is entered to the correspondent node but not yet to the mobile node, both preshared approach and base Mipv6 procedure will fail. I think this is in fact correct, due to the need to avoid bidding down attacks to base mechanism. But this could be explicitly stated somewhere, maybe in Section 3. - Requirements for assignment of keys. The draft says: > - the method of assignment for keys between the correspondent node > and mobile node results in a stronger security association than > what can be provided by the Return Routability procedure. This seems a bit weak, imho. It seems to imply that there are different methods to assigning the keys and we are not being told what they are. I would rather simply require that there must be per-mobile node preconfiguration of the required data (and I see that in Section 3 you already prohibited group keys, good...). This would also make it less likely that someone misuses this draft in ways it was not intended to be used. - Nits on applicability stament. The draft says: > - diagnostic procedures > - software development and testing I would delete these. Of course anything can be used for diagnostics. - Overall applicability text. Given the above comments, I wanted to see if I could come up with some suggested text. Here's my attempt: "This mechanism is useful in the specific scenario where the following conditions are all met: - Mobile node and correspondent node are administered within the same domain. - The correspondent node has good reason to trust the actions of the mobile node. In particular, the correspondent node needs to be certain that the mobile node will not launch flooding attacks against a third party as described in [2, draft-ietf-mip6-ro-sec]. - The configuration effort related to this mechanism is acceptable. - There is a desire to take advantage of higher efficiency or greater assurance with regards to the correctness of the home address offered via this mechanism. Generally speaking, the required level of trust that the correspondent node needs for enabling a precomputable Kbm with a mobile node is more often found within relatively small, closed groups of users who are personally familiar with each other, or who have some external basis for establishing trustworthy interactions. A typical example scenario where this mechanism is applicable is within a corporation, or between specific users. Application in the general Internet use is typically not possible due to the configuration effort. Application at a public network operator is typically not possible due to requirements placed on the trustworthiness of mobile nodes." - Is there any change wrt the lifetime of bindings created through this mechanism vs. RFC 3775? Seems like they could be higher. Editorial: - Citations > The first citation is normative, and the second citation is > informative only. I'd prefer separate lists, most I-D tools should generate them. Don't worry about this if your tool has trouble, however. - Missing space? > abovementioned - Change > very, very to just "very" --Jari _______________________________________________ Mip6 mailing list Mip6@ietf.org https://www1.ietf.org/mailman/listinfo/mip6
- [Mip6] mip6-precfgkbm-01.txt review Jari Arkko
- Re: [Mip6] mip6-precfgkbm-01.txt review Thomas Narten
- [Mip6] Re: mip6-precfgkbm-01.txt review Charles E.Perkins
- Re: [Mip6] mip6-precfgkbm-01.txt review Charles E.Perkins
- Re: [Mip6] mip6-precfgkbm-01.txt review Thomas Narten
- Re: [Mip6] mip6-precfgkbm-01.txt review Jari Arkko