Re: [Mip6] Summary of Justification for Alternative Authentication Option
Gopal Dommety <gdommety@cisco.com> Sun, 26 September 2004 17:57 UTC
Date: Sun, 26 Sep 2004 10:52:38 -0700
To: Francis Dupont <Francis.Dupont@enst-bretagne.fr>
From: Gopal Dommety <gdommety@cisco.com>
Subject: Re: [Mip6] Summary of Justification for Alternative Authentication Option
Cc: mip6@ietf.org
Francis, please see inline...

At 07:27 PM 9/26/2004 +0200, Francis Dupont wrote:
> In your previous mail you wrote:
>
> Summary
> =======
>
> The WG has been engaged in a discussion over the last week on the
> topic of standardizing an authentication date suboption based
>
>=> I believe "standardizing" means to make it a Proposed Standard,
>doesn't it?

Yes.

> mechanism for the purpose of registering an MN with its HA via the
> BU/BAck messages.
> To summarize the discussion in brief:
> 1. The I-D draft-patil-mip6-whyauthdataoption-00.txt was used as the
>    baseline for the discussion
> 2. Opinion was expressed that the I-D was more inclined in justifying
>    why the use of IKE was a problem for setting up the MN-HA IPsec SA
>    and not really providing sufficient justifications for an
>    alternative scheme to the use of IPsec for securing the signaling
>    messages between the MN and HA
> 3. There were a few people who expressed strong views of keeping IPsec
>    as the only means for MIP6 security between MN and HA (Francis and
>    Hesham (?))
> 4. There were others who claimed the need for an alternate option to
>    MIP6 including one operator who plans to deploy the protocol in
>    their network (Raj, James Kempf, Alpesh, Gopal, Kuntal, Vijay,
>    Michael Roe)
>
>=> you should be more accurate: just alternate option or standardized
>alternate option?
>
> 5. There was also a note from an implementers perspective on the
>    challenges of integrating MIP6 with IPsec (Michael Roe)
> 6. There was discussion about the problem of replay attacks and the
>    need for key refreshment
> 7. IKEv2 is expected to provide a solution to the problem of setting
>    up dynamic SAs in networks that rely on AAA infrastructures. While
>    IKEv2 itself has been approved, the details of how IKEv2 is used
>    with MIP6 are still being worked out in an I-D that is not ready
>    yet.
>
>=> IMHO the main problem with an IKEv2 based solution is that there is
>no public implementation... Another point is that IKEv2 does not support
>home agent allocation.
>
> 8. There was an opinion that the bootstrap work being done in the WG
>    would address the needs of the environment claimed in I-D
>    draft-patil-mip6-whyauthdataoption-00.txt
>
>=> some AAA/EAP based solutions are already ready (i.e., implemented)
>and of course they support home agent allocation.
>
>There are some other points:
> - we were supposed to ask an advice from security area directors
> - the requirement level of auth data option is still not clear enough
> - if the auth data option is only for the 3GPP2 environment there is
>   no reason to standardize it at the IETF: the 3GPP2 can require what
>   it wants in its own environment. If it likes to get an IETF document,
>   an informational RFC should be enough and even faster (less possible
>   concerns from the IESG).
>Some of these points were already mentioned on the list...
>
>Regards
>
>Francis.Dupont@enst-bretagne.fr