Re: v4 CoA and route optimization [Re: [Mip6] draft-solimananddraft-wakikawa]
Pekka Savola <pekkas@netcore.fi> Wed, 06 April 2005 13:23 UTC
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA10209 for <mip6-web-archive@ietf.org>; Wed, 6 Apr 2005 09:23:21 -0400 (EDT)
Received: from megatron.ietf.org ([132.151.6.71]) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1DJAdV-0007O0-Ol for mip6-web-archive@ietf.org; Wed, 06 Apr 2005 09:32:01 -0400
Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1DJAMO-0006YU-CN; Wed, 06 Apr 2005 09:14:20 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1DJAML-0006YO-Vw for mip6@megatron.ietf.org; Wed, 06 Apr 2005 09:14:18 -0400
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA09496 for <mip6@ietf.org>; Wed, 6 Apr 2005 09:14:16 -0400 (EDT)
Received: from netcore.fi ([193.94.160.1]) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1DJAUg-00078p-SH for mip6@ietf.org; Wed, 06 Apr 2005 09:22:56 -0400
Received: from localhost (pekkas@localhost) by netcore.fi (8.11.6/8.11.6) with ESMTP id j36DE3718321; Wed, 6 Apr 2005 16:14:03 +0300
Date: Wed, 06 Apr 2005 16:14:03 +0300
From: Pekka Savola <pekkas@netcore.fi>
To: Alexandru Petrescu <Alexandru.Petrescu@motorola.com>
Subject: Re: v4 CoA and route optimization [Re: [Mip6] draft-solimananddraft-wakikawa]
In-Reply-To: <4253D83F.9030805@motorola.com>
Message-ID: <Pine.LNX.4.61.0504061607410.18053@netcore.fi>
References: <E97F4F806500194FBCF9BF32EF6A07DB08127B@mvebe101.NOE.Nokia.com> <4253D039.8020004@motorola.com> <Pine.LNX.4.61.0504061514070.16412@netcore.fi> <4253D83F.9030805@motorola.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"; format="flowed"
X-Spam-Score: 0.0 (/)
X-Scan-Signature: e1e48a527f609d1be2bc8d8a70eb76cb
Cc: H.Soliman@flarion.com, mip6@ietf.org, Vijay.Devarapalli@nokia.com, ryuji@sfc.wide.ad.jp, henrik@levkowetz.com
X-BeenThere: mip6@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: mip6.ietf.org
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/mip6>, <mailto:mip6-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:mip6@ietf.org>
List-Help: <mailto:mip6-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/mip6>, <mailto:mip6-request@ietf.org?subject=subscribe>
Sender: mip6-bounces@ietf.org
Errors-To: mip6-bounces@ietf.org
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 4adaf050708fb13be3316a9eee889caa
On Wed, 6 Apr 2005, Alexandru Petrescu wrote: >> You also lose at least 1 RTT for signalling. > > Yes, but it's impossible to just send an enhanced BU to HA without first > setting up some state on GW and MN about the v4/NAT traversal. The state on > MN, NAT and GW must be synchronized somehow and doing it with only one > message MN->NAT->GW is impossible, I mean some acknowledgement is necessary. I'm not sure what you mean. MN can send a message directly to the HA (or tunnel server, if applicable), going through the NAT; this also (implicitly) punches a hole in the NAT. The HA (or tunnel server) naturally acknowledges the set up of the tunnel, but if the acknowledgement comes from the same UDP port (etc.), it will use the already established NAT state. >> However, if the client knows in advance which encapsulation type to >> use, it can just send in a request, piggybacking the data, and if the >> tunnel is set up, the tunnel server can immediate forward the data >> and set up the tunnel, otherwise reject setting up the tunnel and >> discard the data. > > To this scenario I object with the security aspects. If the tunnel server > puts up a tunnel whenever a Client requests it, and if they don't share a > secret, DoS attacks are obviously possible. Obviously the client can include whichever secret it wants. Too bad 0.5 RTT doesn't allow a challenge-response negotiation, so it's effectively a shared, plain-text secret. There are other options, though. See draft-parent-v6tc-protocol-exploration-00 section 2.1.2 for an example how SEND could be used in this context securely without any extra roundtrips. But this discussion is probably going to too much detail at this point, so I guess we should take the followups off-list(s). -- Pekka Savola "You each name yourselves king, yet the Netcore Oy kingdom bleeds." Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings _______________________________________________ Mip6 mailing list Mip6@ietf.org https://www1.ietf.org/mailman/listinfo/mip6
- RE: v4 CoA and route optimization [Re: [Mip6] dra… Pascal Thubert (pthubert)
- RE: v4 CoA and route optimization [Re: [Mip6] dra… Vijay.Devarapalli
- Re: v4 CoA and route optimization [Re: [Mip6] dra… Alexandru Petrescu
- Re: v4 CoA and route optimization [Re: [Mip6] dra… Pekka Savola
- Re: v4 CoA and route optimization [Re: [Mip6] dra… Alexandru Petrescu
- Re: v4 CoA and route optimization [Re: [Mip6] dra… Pekka Savola
- Re: v4 CoA and route optimization [Re: [Mip6] dra… Alexandru Petrescu
- RE: v4 CoA and route optimization [Re: [Mip6] dra… Vijay.Devarapalli
- Re: v4 CoA and route optimization [Re: [Mip6] dra… Alexandru Petrescu