IETF Logo Mail Archive

Re: [Mip6] Summary of Justification for Alternative AuthenticationOption

"James Kempf" <kempf@docomolabs-usa.com> Fri, 24 September 2004 05:51 UTC

Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id BAA26634 for <mip6-web-archive@ietf.org>; Fri, 24 Sep 2004 01:51:16 -0400 (EDT)
Received: from megatron.ietf.org ([132.151.6.71]) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1CAj6A-0002RA-OD for mip6-web-archive@ietf.org; Fri, 24 Sep 2004 01:58:26 -0400
Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1CAixT-0000bO-3L; Fri, 24 Sep 2004 01:49:27 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1CAiwz-0000UE-RG for mip6@megatron.ietf.org; Fri, 24 Sep 2004 01:48:57 -0400
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id BAA26513 for <mip6@ietf.org>; Fri, 24 Sep 2004 01:48:57 -0400 (EDT)
Received: from key1.docomolabs-usa.com ([216.98.102.225] helo=fridge.docomolabs-usa.com ident=fwuser) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1CAj3l-0002OX-Eu for mip6@ietf.org; Fri, 24 Sep 2004 01:56:08 -0400
Message-ID: <06a601c4a1fa$45827510$5f6015ac@dcml.docomolabsusa.com>
From: James Kempf <kempf@docomolabs-usa.com>
To: mip6@ietf.org, Gopal Dommety <gdommety@cisco.com>
References: <4.3.2.7.2.20040923143829.029e1a48@mira-sjc5-d.cisco.com>
Subject: Re: [Mip6] Summary of Justification for Alternative AuthenticationOption
Date: Thu, 23 Sep 2004 22:49:27 -0700
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 00e94c813bef7832af255170dca19e36
Content-Transfer-Encoding: 7bit
X-BeenThere: mip6@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: mip6.ietf.org
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/mip6>, <mailto:mip6-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:mip6@ietf.org>
List-Help: <mailto:mip6-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/mip6>, <mailto:mip6-request@ietf.org?subject=subscribe>
Sender: mip6-bounces@ietf.org
Errors-To: mip6-bounces@ietf.org
X-Spam-Score: 0.0 (/)
X-Scan-Signature: d185fa790257f526fedfd5d01ed9c976
Content-Transfer-Encoding: 7bit

Gopal,

I believe you missed the need for some mechanism to allow an MN to determine
which authentication technique to use. Without this, there is an
interoperability problem, because the MN cannot infer simply from the
failure of the signaling that it should try the other method.

            jak

----- Original Message ----- 
From: "Gopal Dommety" <gdommety@cisco.com>
To: <mip6@ietf.org>
Sent: Thursday, September 23, 2004 2:55 PM
Subject: [Mip6] Summary of Justification for Alternative
AuthenticationOption


> Hello All,
>
>              I am attaching a summary of the discussion that took place on
> justification of an alternate authentication mechanism.  Please let me
know if
> I have left out any important issue in the summary. I could have also
mis-read
> people opinions, so if there is a correction please let me know. I will
> send a follow-up
>   email with the next steps.
>
>
> Thanks,
> -Gopal
>
>
> Summary
> =======
>
> The WG has been engaged in a discussion over the last week on the
> topic of standardizing an authentication date suboption based
> mechanism for the purpose of registering an MN with its HA via the
> BU/BAck messages.
> To summarize the discussion in brief:
> 1. The I-D draft-patil-mip6-whyauthdataoption-00.txt was used as the
>     baseline for the discussion
> 2. Opinion was expressed that the I-D was more inclined in justifying
>     why the use of  IKE was a problem for setting up the MN-HA IPsec SA
>     and not really providing sufficient justifications for an
>     alternative scheme to the use of IPsec for securing the signaling
>     messages between the MN and HA
> 3. There were a few people who expressed strong views of keeping IPsec
>     as the only means for MIP6 security between MN and HA (Francis and
> Hesham (?))
> 4. There were others who claimed the need for an alternate option to
>     MIP6 including one operator who plans to deploy the protocol in
>     their network (Raj, James Kempf, Alpesh, Gopal, Kuntal, Vijay, Michael
Roe)
> 5. There was also a note from an implementers perspective on the
>     challenges of integrating MIP6 with IPsec (Michael Roe)
> 6. There was discussion about the problem of replay attacks and the
>     need for key refreshment
> 7. IKEv2 is expected to provide a solution to the problem of setting
>     up dynamic SAs in networks that rely on AAA infrastructures. While
>     IKEv2 itself has been approved, the details of how IKEv2 is used
>     with MIP6 are still being worked out in an I-D that is not ready
>     yet.
> 8. There was an opinion that the bootstrap work being done in the WG
>     would address the needs of the environment claimed in I-D
>     draft-patil-mip6-whyauthdataoption-00.txt
>
>
> _______________________________________________
> Mip6 mailing list
> Mip6@ietf.org
> https://www1.ietf.org/mailman/listinfo/mip6
>



_______________________________________________
Mip6 mailing list
Mip6@ietf.org
https://www1.ietf.org/mailman/listinfo/mip6

v2.23.0 | Report a Bug | By Email