[Mipshop] Comments on drafts of hmip sa and hmipv6 security

"DENG, HUI -HCHBJ" <hdeng@hitachi.cn> Mon, 30 October 2006 05:30 UTC


Hello, 

After reading two drafts:
1) draft-yegin-hmip-sa-00.txt
2) draft-haddad-mipshop-hmipv6-security-06.txt
I would like to say something here:

Since both drafts talk about SA establishment between MN and MAP,
let's go to the definition of Security Association (SA) in RFC 2828.

<snip>
security association
      (I) A relationship established between two or more entities to
      enable them to protect data they exchange. The relationship is
      used to negotiate characteristics of protection mechanisms, but
      does not include the mechanisms themselves. (See: association.)

      (C) A security association describes how entities will use
      security services. The relationship is represented by a set of
      information that is shared between the entities and is agreed upon
      and considered a contract between them.

      (O) IPsec usage: A simplex (uni-directional) logical connection
      created for security purposes and implemented with either AH or
      ESP (but not both). The security services offered by a security
      association depend on the protocol selected, the IPsec mode
      (transport or tunnel), the endpoints, and the election of optional
      services within the protocol. A security association is identified
      by a triple consisting of (a) a destination IP address, (b) a
      protocol (AH or ESP) identifier, and (c) a Security Parameter
      Index.
<snip>

draft-haddad-mipshop-hmipv6-security-06.txt does not mention
the cipher suite of the SA.

draft-yegin-hmip-sa-00.txt defines HMIP-SPI and increases it by 1
per authentication, so how to obtain the common initial SPI cannot
be out of the scope of this draft.

Furthermore, for draft-yegin-hmip-sa-00.txt, whether we need to derive
the hmip-key from the MSK will be the question. Isn't USRK better than MSK?

Regarding the security guarantee of HMIP, if EAP is considered,
a full EAP authentication procedure is not necessary at each handover;
a handover key could be used to improve performance,
as described in our draft:
draft-deng-mipshop-hmip-hhokey-00.txt

Thanks for your comments,

-Hui
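The two points raised above, that an IPsec SA is identified by the (destination address, protocol, SPI) triple and that a counter-based HMIP-SPI only works if both MN and MAP start from the same initial value, can be made concrete with a small simulation. The following Python is an added example, not code from the post, from either draft, or from any HMIP implementation: the SA database, the per-SPI key derivation (HMAC-SHA256 over a label and the SPI), the cipher suite string, the root key and the MAP address are all constructed for illustration. It shows that when the two sides agree on the initial SPI, every re-authentication leaves the MAP able to find the MN's current SA, and that when they disagree by even one, every lookup fails.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class SecurityAssociation:
    """A simplex SA in the RFC 2828 IPsec sense, identified by the triple
    (destination address, protocol, SPI). cipher_suite is the element the
    post notes one of the drafts does not specify."""
    dst: str
    proto: str          # "AH" or "ESP"
    spi: int
    key: bytes
    cipher_suite: str


class SADatabase:
    """Minimal SA database keyed by the RFC 2828 triple."""

    def __init__(self) -> None:
        self._entries: Dict[Tuple[str, str, int], SecurityAssociation] = {}

    def install(self, sa: SecurityAssociation) -> None:
        self._entries[(sa.dst, sa.proto, sa.spi)] = sa

    def expire(self, dst: str, proto: str, spi: int) -> None:
        # Rekeying replaces the previous SA, so drop it from the table.
        self._entries.pop((dst, proto, spi), None)

    def lookup(self, dst: str, proto: str, spi: int) -> Optional[SecurityAssociation]:
        return self._entries.get((dst, proto, spi))


def derive_hmip_key(root_key: bytes, spi: int) -> bytes:
    """Hypothetical per-SA key derivation (assumption for this example, not the
    derivation from either draft): HMAC-SHA256 over a label and the SPI, so a
    differing SPI on the two sides also yields a differing key."""
    return hmac.new(root_key, b"hmip-key" + spi.to_bytes(4, "big"), hashlib.sha256).digest()


class Endpoint:
    """MN or MAP side. Each authentication increments HMIP-SPI by one and
    installs the MN->MAP SA (destination = MAP address) derived from the
    shared root key, expiring the SA from the previous authentication."""

    def __init__(self, name: str, initial_spi: int, root_key: bytes) -> None:
        self.name = name
        self.spi = initial_spi
        self.root_key = root_key
        self.sadb = SADatabase()
        self.current_sa: Optional[SecurityAssociation] = None

    def authenticate(self, map_address: str) -> SecurityAssociation:
        if self.current_sa is not None:
            self.sadb.expire(self.current_sa.dst, self.current_sa.proto, self.current_sa.spi)
        self.spi += 1
        sa = SecurityAssociation(
            dst=map_address,
            proto="ESP",
            spi=self.spi,
            key=derive_hmip_key(self.root_key, self.spi),
            cipher_suite="AES-128-CBC with HMAC-SHA1-96",  # constructed choice
        )
        self.sadb.install(sa)
        self.current_sa = sa
        return sa


def run_handovers(mn_initial_spi: int, map_initial_spi: int, rounds: int = 3) -> List[bool]:
    """Simulate `rounds` authentications. After each one the MN sends a packet
    to the MAP carrying its current SPI; the MAP looks the SA up by
    (its own address, ESP, SPI). A round is True only when the MAP finds an
    SA whose key matches the MN's."""
    root_key = b"constructed-shared-root-key"   # constructed sample value
    map_address = "2001:db8::map"                # constructed, documentation prefix
    mn = Endpoint("MN", mn_initial_spi, root_key)
    map_node = Endpoint("MAP", map_initial_spi, root_key)
    outcomes: List[bool] = []
    for _ in range(rounds):
        mn_sa = mn.authenticate(map_address)
        map_node.authenticate(map_address)
        found = map_node.sadb.lookup(map_address, "ESP", mn_sa.spi)
        outcomes.append(found is not None and found.key == mn_sa.key)
    return outcomes


if __name__ == "__main__":
    print("agreed initial SPI:     ", run_handovers(1000, 1000))
    print("initial SPI off by one: ", run_handovers(1000, 1001))
```

The SA table is keyed exactly as the RFC 2828 excerpt describes, so a disagreement on the initial SPI is not a transient problem that resolves after one round: because each authentication bumps both counters in lockstep and expires the previous SA, the MAP never holds an entry matching the MN's SPI. That is why the post argues the common initial value must be specified rather than left out of scope.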
