Re: CGA-based HoA generation for MIP6 (was RE: [Mipshop] Review of draft-arkko-mipshop-cga-cba-04)

Lakshminath Dondeti <ldondeti@qualcomm.com> Tue, 15 August 2006 16:48 UTC

Message-Id: <7.0.1.0.2.20060815094403.05b12f28@qualcomm.com>
Date: Tue, 15 Aug 2006 09:47:57 -0700
To: Jari Arkko <jari.arkko@piuha.net>, Christian Vogt <chvogt@tm.uka.de>
From: Lakshminath Dondeti <ldondeti@qualcomm.com>
Subject: Re: CGA-based HoA generation for MIP6 (was RE: [Mipshop] Review of draft-arkko-mipshop-cga-cba-04)
In-Reply-To: <44E1C024.8020103@piuha.net>
References: <C24CB51D5AA800449982D9BCB903251311A60A@NAEX13.na.qualcomm.com> <44E1AB09.2070904@tm.uka.de> <44E1C024.8020103@piuha.net>
Cc: mipshop@ietf.org

At 05:37 AM 8/15/2006, Jari Arkko wrote:
>Christian Vogt wrote:
>
> >From a security perspective, I don't currently see a requirement for the
> >HA to know that the HoA is CGA-based, given that all MN-HA security is
> >IPsec-based:
> >
>Agreed.

I am confused by this and trying to understand the 
statement.  Doesn't this really depend on the security 
requirements?  CGAs and secure channels (IPsec SA) provide very 
different things.  We might say that there are no current 
requirements for HoA authorization and I can buy that, but saying 
that the presence of an IPsec-based secure channel obviates the need 
for CGAs confuses me.  What am I missing?

regards,
Lakshminath


> >From a practical standpoint, there may be a benefit for the HA to know
> >that the MN's HoA is CGA-based.
> >
> >
>It's possible to design mechanisms that employ the same
>tools also for the home agent registrations, or use the
>help of the home agent in the RO process. Such mechanisms
>would likely have some advantages. OTOH, there is also
>some value in keeping the two RO and HA registration
>mechanisms separate. E.g., you don't have to sync HA and
>MN code updates. IKEv2, auth option, and RFC 3776 all
>can support CGAs, though some with extra config effort.
>
>--Jari
>
>
>_______________________________________________
>Mipshop mailing list
>Mipshop@ietf.org
>https://www1.ietf.org/mailman/listinfo/mipshop

