Re: [MIPSHOP-MIH-DT] draft-melia-mipshop-mstp-solution-01a.txt
Subir Das <subir@research.telcordia.com> Mon, 19 November 2007 18:39 UTC
Return-path: <mipshop-mih-dt-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1IuBXL-0006hj-Mc; Mon, 19 Nov 2007 13:39:59 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1IuBXK-0006fq-6T for mipshop-mih-dt@ietf.org; Mon, 19 Nov 2007 13:39:58 -0500
Received: from thumper.research.telcordia.com ([128.96.41.1]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1IuBXG-0002jt-GU for mipshop-mih-dt@ietf.org; Mon, 19 Nov 2007 13:39:58 -0500
Received: from mailee.research.telcordia.com (mailee [192.4.16.29]) by thumper.research.telcordia.com (8.13.6/8.13.5) with ESMTP id lAJIdrgk010450; Mon, 19 Nov 2007 13:39:53 -0500 (EST)
Received: from [128.96.58.78] (vpntnlA78 [128.96.58.78]) by mailee.research.telcordia.com (8.9.3/8.9.3) with ESMTP id NAA16176; Mon, 19 Nov 2007 13:39:53 -0500 (EST)
Message-ID: <4741D87A.9050509@research.telcordia.com>
Date: Mon, 19 Nov 2007 13:39:54 -0500
From: Subir Das <subir@research.telcordia.com>
User-Agent: Thunderbird 2.0.0.9 (Windows/20071031)
MIME-Version: 1.0
To: Gabor.Bajko@nokia.com
Subject: Re: [MIPSHOP-MIH-DT] draft-melia-mipshop-mstp-solution-01a.txt
References: <4739D881.3000407@nw.neclab.eu> <473A2D1F.5040604@research.telcordia.com> <E5E76343C87BB34ABC6C3FDF3B31272701B00D9C@daebe103.NOE.Nokia.com>
In-Reply-To: <E5E76343C87BB34ABC6C3FDF3B31272701B00D9C@daebe103.NOE.Nokia.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 03169bfe4792634a390035a01a6c6d2f
Cc: mipshop-mih-dt@ietf.org
X-BeenThere: mipshop-mih-dt@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: MIPSHOP Media Independent Handover Design Team List <mipshop-mih-dt.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/mipshop-mih-dt>, <mailto:mipshop-mih-dt-request@ietf.org?subject=unsubscribe>
List-Archive: <https://www1.ietf.org/mailman/private/mipshop-mih-dt>
List-Post: <mailto:mipshop-mih-dt@ietf.org>
List-Help: <mailto:mipshop-mih-dt-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/mipshop-mih-dt>, <mailto:mipshop-mih-dt-request@ietf.org?subject=subscribe>
Errors-To: mipshop-mih-dt-bounces@ietf.org
Gabor, Thanks. I will update it if not done by Tele already. -Subir Gabor.Bajko@nokia.com wrote: > Tele, Subir, > > Please note that [I-D.ietf-dnsop-dnssec-operational-practices] is > RFC4641, so please refer to this RFC number instead. And add the RFC to > the informative references section. > > - gabor > > -----Original Message----- > From: ext Subir Das [mailto:subir@research.telcordia.com] > Sent: Tuesday, November 13, 2007 3:03 PM > To: Telemaco Melia > Cc: mipshop-mih-dt@ietf.org > Subject: Re: [MIPSHOP-MIH-DT] draft-melia-mipshop-mstp-solution-01a.txt > > Tele, > Here is the updated Security section that is fine with Yoshi. However, > he suggests to add the capability to know the security protocol of > choice at the server side during discovery. I discussed with Gabor and > he will look into this and find if it can be done by defining a new > NAPTR, otherwise I will discuss with Yoshi again and update to you. > > 8. Security Considerations > > There are a number of security issues that need to be taken into > account during node discovery and information exchange via a > transport connection [I-D.ietf-mipshop-mis-ps]. > > In case where DHCP is used for node discovery and authentication of > the source and content of DHCP messages are required, it is > recommended > to use either DHCP authentication option described in [RFC3118], > where > available or rely upon link layer security. This will also protect > the > denial of service attacks to DHCP server.[RFC3118] provides > mechanisms > for both entity authentication and message authentication. > > In case where DNS is used for discovering MoS, fake DNS requests and > responses may cause DoS and the inability of the MN to perform a > proper handover, respectively. Where networks are exposed to such > DoS, it is recommended that DNS service providers use the Domain Name > System Security Extensions (DNSSEC) as described in [RFC4033]. > Readers may also refer to > [I-D.ietf-dnsop-dnssec-operational-practices] to consider the aspects > of DNSSEC Operational Practices. > > In case where reliable transport protocol such as TCP is used for > transport connection between two MIHF peers, TLS [RFC4346] should be > used for message confidentiality and data integrity. In particular, > TLS is designed for client/server applications and to prevent > eavesdropping, tampering, or message forgery. Readers should also > follow the recommendations in [RFC4366] that provides generic > extension mechanisms for the TLS protocol suitable for wireless > environments. > > In case where unreliable transport protocol such as UDP is used for > transport connection between two MIHF peers, DTLS [RFC4347] should be > used for message confidentiality and data integrity. The DTLS > protocol is based on the Transport Layer Security (TLS) protocol and > provides equivalent security guarantees. > > Alternatively, generic IP layer security, such as IPSec [RFC2401] may > be used where neither transport layer security for a specific > transport > is available nor server only authentication is required > > > > > > Telemaco Melia wrote: > >> Guys, >> file:///C:/Documents%20and%20Settings/subir/Desktop/GDQ%20Corporate%20 >> Directory.lnk <cid:part1.00010001.04030101@research.telcordia.com> >> I started the editorial work considering the APs agreed last AC. >> I summarize in the following the list of issues and mark them as >> solved/open. >> I ll be in the office still for a while. Let me know if you wan the >> xml to directly edit the text. >> >> >> - Do not mandate anything to .21 on the use of MIHFIDs: SOLVED The >> text has been removed accordingly >> >> - mandate both TCP/UDP server side and leave it optional for MN" >> SOLVED Text has been added at the end of section 6. >> - Gabor to update the DNS draft to reflect previous point: OPEN >> >> - Gabor to revise section 5: OPEN >> Text has been proposed and the section adjusted. Still work needed. >> >> - Gabor to update DHCP option draft for scenario 3: OPEN I added the >> reference to the draft the integrated bootstrapping ID refers to >> (draft-ietf-mip6-hiopt-08.txt) I think the DHCP option document should >> > > >> contain something similar. >> >> - me/Subir to suggest AAA extensions based on >> draft-ietf-dime-mip6-integrated-06.txt: OPEN I did not touch this yet. >> > > >> We can simply refer to it for the time being. >> >> - Subir to revise the flow example: SOLVED >> >> - Nada to revise the terminology section: SOLVED I already integrated >> the text David proposed. >> >> - Subir to propose some text for L2 security for DHCP: OPEN >> >> - Subir to propose text discussing the issue when DHCP authentication >> is not available: OPEN >> >> - Subit to clarify with Yoshi about DTLS/TLS: OPEN >> >> - Tele to expand section 5.3: OPEN >> >> - Tele to add text that scenario 5.4 only holds for IS: OPEN >> >> - No need to change MoS to PoS: SOLVED >> >> - Nada to check with David for additional flows: OPEN >> >> >> >> >> Tele >> >> >> ---------------------------------------------------------------------- >> -- >> >> _______________________________________________ >> MIPSHOP-MIH-DT mailing list >> MIPSHOP-MIH-DT@ietf.org >> https://www1.ietf.org/mailman/listinfo/mipshop-mih-dt >> > > _______________________________________________ > MIPSHOP-MIH-DT mailing list > MIPSHOP-MIH-DT@ietf.org > https://www1.ietf.org/mailman/listinfo/mipshop-mih-dt > _______________________________________________ MIPSHOP-MIH-DT mailing list MIPSHOP-MIH-DT@ietf.org https://www1.ietf.org/mailman/listinfo/mipshop-mih-dt
- [MIPSHOP-MIH-DT] draft-melia-mipshop-mstp-solutio… Telemaco Melia
- Re: [MIPSHOP-MIH-DT] draft-melia-mipshop-mstp-sol… Nada Golmie
- Re: [MIPSHOP-MIH-DT] draft-melia-mipshop-mstp-sol… Subir Das
- Re: [MIPSHOP-MIH-DT] draft-melia-mipshop-mstp-sol… Subir Das
- RE: [MIPSHOP-MIH-DT] draft-melia-mipshop-mstp-sol… Gabor.Bajko
- Re: [MIPSHOP-MIH-DT] draft-melia-mipshop-mstp-sol… Telemaco Melia
- Re: [MIPSHOP-MIH-DT] draft-melia-mipshop-mstp-sol… Telemaco Melia
- Re: [MIPSHOP-MIH-DT] draft-melia-mipshop-mstp-sol… Nada Golmie
- RE: [MIPSHOP-MIH-DT] draft-melia-mipshop-mstp-sol… Gabor.Bajko
- Re: [MIPSHOP-MIH-DT] draft-melia-mipshop-mstp-sol… Nada Golmie
- RE: [MIPSHOP-MIH-DT] draft-melia-mipshop-mstp-sol… Sam Xia
- Re: [MIPSHOP-MIH-DT] draft-melia-mipshop-mstp-sol… Subir Das
- RE: [MIPSHOP-MIH-DT] draft-melia-mipshop-mstp-sol… Gabor.Bajko
- RE: [MIPSHOP-MIH-DT] draft-melia-mipshop-mstp-sol… Gabor.Bajko
- Re: [MIPSHOP-MIH-DT] draft-melia-mipshop-mstp-sol… Subir Das