RE: [Mip6] WG LC (Deadline Dec 18th, 04) for I-Ds: draft-ietf-mip6-auth-protocol-01.txtand draft-ietf-mip6-mn-ident-option-00.txt

"alpesh" <alpesh@cisco.com> Thu, 16 December 2004 22:55 UTC

Message-Id: <200412162249.AZW98215@mira-sjc5-b.cisco.com>
From: alpesh <alpesh@cisco.com>
To: 'Rajeev Koodli' <rajeev@iprg.nokia.com>, 'Francis Dupont' <Francis.Dupont@enst-bretagne.fr>
Subject: RE: [Mip6] WG LC (Deadline Dec 18th, 04) for I-Ds: draft-ietf-mip6-auth-protocol-01.txtand draft-ietf-mip6-mn-ident-option-00.txt
Date: Thu, 16 Dec 2004 14:39:26 -0800
In-Reply-To: <41C0BFED.8010608@iprg.nokia.com>
Cc: mip6@ietf.org, Basavaraj.Patil@nokia.com

Rajeev -

Thanks for the comments, please see inline ... 

> -----Original Message-----
> From: mip6-bounces@ietf.org [mailto:mip6-bounces@ietf.org] On 
> Behalf Of Rajeev Koodli
> Sent: Wednesday, December 15, 2004 2:51 PM
> To: Francis Dupont
> Cc: mip6@ietf.org; Basavaraj.Patil@nokia.com
> Subject: Re: [Mip6] WG LC (Deadline Dec 18th,04) for I-Ds: 
> draft-ietf-mip6-auth-protocol-01.txtand 
> draft-ietf-mip6-mn-ident-option-00.txt
> 
> 
> 
> Francis Dupont wrote:
> 
> > - 5.2 MN-AAA auth mob option: the BA is not protected. This is a
> >   major security issue.
> >  
> >
> HA _could_ include MN-HA auth option in the BA.

Correct, that was an oversight - has been fixed now.

> 
> Also, I have few nits:
> 
> - replace HAAA by AAAH
Sure.

> - Authenticator is not a good term. It reflects a node rather 
> than data. 
> How about Authentication Data?

Reasonable.

> - Section 5.2: is CHAP_SPI the only value defined? If so, the 
> following statement should remove "When" to disambiguate.

Changed to have HMAC_SHA1 as the only algorithm now.

> - Bootstrapping session key with HA using MN-AAA 
> authentication is deliberately omitted? Perhaps making it 
> clear would be useful.

Yes, that is intentional to maintain the scope of the draft and converge in
a timely manner. We may publish the session key generation draft soon.

> - I guess NAI is not optional in the BU containing MN - AAA 
> auth option? 

Well, it can be optional - if the AAA uses IP address to identify the MN and
MN uses static addresses. We are keeping it optional (since the base draft
uses static IP addresses).

> Please fix the operational flow diagram/text

Per Francis's comments, right? If so, I have modified it.

Thx
-a
> 
> Regards,
> 
> -Rajeev
> 
> 
> 
> 
> 
> _______________________________________________
> Mip6 mailing list
> Mip6@ietf.org
> https://www1.ietf.org/mailman/listinfo/mip6
> 
