RE: [MIPSHOP-MIH-DT] draft-melia-mipshop-mstp-solution-01a.txt
<Gabor.Bajko@nokia.com> Mon, 19 November 2007 03:00 UTC
Return-path: <mipshop-mih-dt-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1Itwrj-00053f-5j; Sun, 18 Nov 2007 22:00:03 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Itwrh-00053a-GQ for mipshop-mih-dt@ietf.org; Sun, 18 Nov 2007 22:00:01 -0500
Received: from smtp.nokia.com ([192.100.122.233] helo=mgw-mx06.nokia.com) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Itwre-00027H-Hl for mipshop-mih-dt@ietf.org; Sun, 18 Nov 2007 22:00:01 -0500
Received: from esebh106.NOE.Nokia.com (esebh106.ntc.nokia.com [172.21.138.213]) by mgw-mx06.nokia.com (Switch-3.2.6/Switch-3.2.6) with ESMTP id lAJ2xjCx009299; Mon, 19 Nov 2007 04:59:56 +0200
Received: from daebh101.NOE.Nokia.com ([10.241.35.111]) by esebh106.NOE.Nokia.com with Microsoft SMTPSVC(6.0.3790.1830); Mon, 19 Nov 2007 04:59:45 +0200
Received: from daebe103.NOE.Nokia.com ([10.241.35.24]) by daebh101.NOE.Nokia.com with Microsoft SMTPSVC(6.0.3790.1830); Sun, 18 Nov 2007 20:59:43 -0600
x-mimeole: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: RE: [MIPSHOP-MIH-DT] draft-melia-mipshop-mstp-solution-01a.txt
Date: Sun, 18 Nov 2007 20:59:40 -0600
Message-ID: <E5E76343C87BB34ABC6C3FDF3B31272701B00D9C@daebe103.NOE.Nokia.com>
In-Reply-To: <473A2D1F.5040604@research.telcordia.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [MIPSHOP-MIH-DT] draft-melia-mipshop-mstp-solution-01a.txt
Thread-Index: AcgmSVoP+mCEQguwS6edJsK+tLdK/QEDp1QA
References: <4739D881.3000407@nw.neclab.eu> <473A2D1F.5040604@research.telcordia.com>
From: Gabor.Bajko@nokia.com
To: subir@research.telcordia.com, melia@nw.neclab.eu
X-OriginalArrivalTime: 19 Nov 2007 02:59:43.0587 (UTC) FILETIME=[3C384B30:01C82A58]
X-Nokia-AV: Clean
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 8f374d0786b25a451ef87d82c076f593
Cc: mipshop-mih-dt@ietf.org
X-BeenThere: mipshop-mih-dt@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: MIPSHOP Media Independent Handover Design Team List <mipshop-mih-dt.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/mipshop-mih-dt>, <mailto:mipshop-mih-dt-request@ietf.org?subject=unsubscribe>
List-Archive: <https://www1.ietf.org/mailman/private/mipshop-mih-dt>
List-Post: <mailto:mipshop-mih-dt@ietf.org>
List-Help: <mailto:mipshop-mih-dt-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/mipshop-mih-dt>, <mailto:mipshop-mih-dt-request@ietf.org?subject=subscribe>
Errors-To: mipshop-mih-dt-bounces@ietf.org
Tele, Subir, Please note that [I-D.ietf-dnsop-dnssec-operational-practices] is RFC4641, so please refer to this RFC number instead. And add the RFC to the informative references section. - gabor -----Original Message----- From: ext Subir Das [mailto:subir@research.telcordia.com] Sent: Tuesday, November 13, 2007 3:03 PM To: Telemaco Melia Cc: mipshop-mih-dt@ietf.org Subject: Re: [MIPSHOP-MIH-DT] draft-melia-mipshop-mstp-solution-01a.txt Tele, Here is the updated Security section that is fine with Yoshi. However, he suggests to add the capability to know the security protocol of choice at the server side during discovery. I discussed with Gabor and he will look into this and find if it can be done by defining a new NAPTR, otherwise I will discuss with Yoshi again and update to you. 8. Security Considerations There are a number of security issues that need to be taken into account during node discovery and information exchange via a transport connection [I-D.ietf-mipshop-mis-ps]. In case where DHCP is used for node discovery and authentication of the source and content of DHCP messages are required, it is recommended to use either DHCP authentication option described in [RFC3118], where available or rely upon link layer security. This will also protect the denial of service attacks to DHCP server.[RFC3118] provides mechanisms for both entity authentication and message authentication. In case where DNS is used for discovering MoS, fake DNS requests and responses may cause DoS and the inability of the MN to perform a proper handover, respectively. Where networks are exposed to such DoS, it is recommended that DNS service providers use the Domain Name System Security Extensions (DNSSEC) as described in [RFC4033]. Readers may also refer to [I-D.ietf-dnsop-dnssec-operational-practices] to consider the aspects of DNSSEC Operational Practices. In case where reliable transport protocol such as TCP is used for transport connection between two MIHF peers, TLS [RFC4346] should be used for message confidentiality and data integrity. In particular, TLS is designed for client/server applications and to prevent eavesdropping, tampering, or message forgery. Readers should also follow the recommendations in [RFC4366] that provides generic extension mechanisms for the TLS protocol suitable for wireless environments. In case where unreliable transport protocol such as UDP is used for transport connection between two MIHF peers, DTLS [RFC4347] should be used for message confidentiality and data integrity. The DTLS protocol is based on the Transport Layer Security (TLS) protocol and provides equivalent security guarantees. Alternatively, generic IP layer security, such as IPSec [RFC2401] may be used where neither transport layer security for a specific transport is available nor server only authentication is required Telemaco Melia wrote: > Guys, > file:///C:/Documents%20and%20Settings/subir/Desktop/GDQ%20Corporate%20 > Directory.lnk <cid:part1.00010001.04030101@research.telcordia.com> > I started the editorial work considering the APs agreed last AC. > I summarize in the following the list of issues and mark them as > solved/open. > I ll be in the office still for a while. Let me know if you wan the > xml to directly edit the text. > > > - Do not mandate anything to .21 on the use of MIHFIDs: SOLVED The > text has been removed accordingly > > - mandate both TCP/UDP server side and leave it optional for MN" > SOLVED Text has been added at the end of section 6. > - Gabor to update the DNS draft to reflect previous point: OPEN > > - Gabor to revise section 5: OPEN > Text has been proposed and the section adjusted. Still work needed. > > - Gabor to update DHCP option draft for scenario 3: OPEN I added the > reference to the draft the integrated bootstrapping ID refers to > (draft-ietf-mip6-hiopt-08.txt) I think the DHCP option document should > contain something similar. > > - me/Subir to suggest AAA extensions based on > draft-ietf-dime-mip6-integrated-06.txt: OPEN I did not touch this yet. > We can simply refer to it for the time being. > > - Subir to revise the flow example: SOLVED > > - Nada to revise the terminology section: SOLVED I already integrated > the text David proposed. > > - Subir to propose some text for L2 security for DHCP: OPEN > > - Subir to propose text discussing the issue when DHCP authentication > is not available: OPEN > > - Subit to clarify with Yoshi about DTLS/TLS: OPEN > > - Tele to expand section 5.3: OPEN > > - Tele to add text that scenario 5.4 only holds for IS: OPEN > > - No need to change MoS to PoS: SOLVED > > - Nada to check with David for additional flows: OPEN > > > > > Tele > > > ---------------------------------------------------------------------- > -- > > _______________________________________________ > MIPSHOP-MIH-DT mailing list > MIPSHOP-MIH-DT@ietf.org > https://www1.ietf.org/mailman/listinfo/mipshop-mih-dt _______________________________________________ MIPSHOP-MIH-DT mailing list MIPSHOP-MIH-DT@ietf.org https://www1.ietf.org/mailman/listinfo/mipshop-mih-dt _______________________________________________ MIPSHOP-MIH-DT mailing list MIPSHOP-MIH-DT@ietf.org https://www1.ietf.org/mailman/listinfo/mipshop-mih-dt
- [MIPSHOP-MIH-DT] draft-melia-mipshop-mstp-solutio… Telemaco Melia
- Re: [MIPSHOP-MIH-DT] draft-melia-mipshop-mstp-sol… Nada Golmie
- Re: [MIPSHOP-MIH-DT] draft-melia-mipshop-mstp-sol… Subir Das
- Re: [MIPSHOP-MIH-DT] draft-melia-mipshop-mstp-sol… Subir Das
- RE: [MIPSHOP-MIH-DT] draft-melia-mipshop-mstp-sol… Gabor.Bajko
- Re: [MIPSHOP-MIH-DT] draft-melia-mipshop-mstp-sol… Telemaco Melia
- Re: [MIPSHOP-MIH-DT] draft-melia-mipshop-mstp-sol… Telemaco Melia
- Re: [MIPSHOP-MIH-DT] draft-melia-mipshop-mstp-sol… Nada Golmie
- RE: [MIPSHOP-MIH-DT] draft-melia-mipshop-mstp-sol… Gabor.Bajko
- Re: [MIPSHOP-MIH-DT] draft-melia-mipshop-mstp-sol… Nada Golmie
- RE: [MIPSHOP-MIH-DT] draft-melia-mipshop-mstp-sol… Sam Xia
- Re: [MIPSHOP-MIH-DT] draft-melia-mipshop-mstp-sol… Subir Das
- RE: [MIPSHOP-MIH-DT] draft-melia-mipshop-mstp-sol… Gabor.Bajko
- RE: [MIPSHOP-MIH-DT] draft-melia-mipshop-mstp-sol… Gabor.Bajko
- Re: [MIPSHOP-MIH-DT] draft-melia-mipshop-mstp-sol… Subir Das