[MEXT] Fwd: [Dime] MIP6 RADIUS and Diameter MIPv6 Split Draft
"Vijay Devarapalli" <dvijay@gmail.com> Tue, 19 August 2008 14:47 UTC
Message-ID: <f1f4dcdc0808190747q34bb8f29t88b5ceab62e7d954@mail.gmail.com>
Date: Tue, 19 Aug 2008 07:47:04 -0700
From: Vijay Devarapalli <dvijay@gmail.com>
To: "mext@ietf.org" <mext@ietf.org>
In-Reply-To: <48A86ED2.7070009@gmx.net>
MIME-Version: 1.0
Content-Disposition: inline
References: <48A86ED2.7070009@gmx.net>
Cc: Hannes Tschofenig <hannes.Tschofenig@gmx.net>
Subject: [MEXT] Fwd: [Dime] MIP6 RADIUS and Diameter MIPv6 Split Draft

FYI. Please respond on the DIME mailing list or directly to Hannes. We discussed the RADIUS MIP6 draft in the MEXT meeting in Dublin.

Vijay

---------- Forwarded message ----------
From: Hannes Tschofenig <Hannes.Tschofenig@gmx.net>
Date: Sun, Aug 17, 2008 at 11:32 AM
Subject: [Dime] MIP6 RADIUS and Diameter MIPv6 Split Draft
To: dime@ietf.org

Hi all,

Avi gave a presentation about the MIP6 RADIUS draft
http://www3.ietf.org/proceedings/08jul/slides/mext-9.ppt
and the MIP6 RADIUS draft
http://www.ietf.org/internet-drafts/draft-ietf-mip6-radius-05.txt
is the RADIUS counterpart of our Diameter Mobility documents:
http://www.ietf.org/internet-drafts/draft-ietf-dime-mip6-split-10.txt
and
http://www.ietf.org/internet-drafts/draft-ietf-dime-mip6-integrated-09.txt

Now, here is the important part. As part of the work on the draft, the feedback Avi got during the presentation and offlist comments from Pasi and Jari, there are some concerns about the security properties provided by the following two mechanisms:

* IKEv2 with PSKs
* IKEv2 with CERTs

To briefly summarize the problems (also described in the slide set) there are the following issues:

* Having the AAA deliver a PSK key to the HA without the AAA performing authentication introduces security vulnerabilities. The discussed possible solutions where the AAA could authenticate the PSK are somewhat "clunky" since IKEv2 was never meant to be used in such a way.

* Similar problems arise with IKEv2 and Certificates where the AAA server is used to just authorize without getting involved in the authentication procedure itself.

In an offline discussion between Jari, Pasi, Avi, and Jouni the idea came up to drop these two mechanisms from the MIP6 RADIUS document and consequently also from the Diameter MIPv6 Split draft.

Is this a bad thing? I don't think so. Currently, we don't know anyone who would be using them. Hence, they are somewhat "theoretical" at the moment. We could specify them once deployments would be asking for them.

Who has objections against dropping the above-described mechanisms from the Diameter MIPv6 Split draft?

Ciao
Hannes