Re: [MEXT] [RFC3775 changes] Use of DHAAD mechanism?
Alexandru Petrescu <alexandru.petrescu@gmail.com> Tue, 18 December 2007 09:00 UTC
Return-path: <mext-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1J4YJr-0006hQ-Pe; Tue, 18 Dec 2007 04:00:55 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1J4YJp-0006ZW-Us for mext@ietf.org; Tue, 18 Dec 2007 04:00:53 -0500
Received: from mail119.messagelabs.com ([216.82.241.179]) by ietf-mx.ietf.org with smtp (Exim 4.43) id 1J4YJp-0008KA-Iu for mext@ietf.org; Tue, 18 Dec 2007 04:00:53 -0500
X-VirusChecked: Checked
X-Env-Sender: alexandru.petrescu@gmail.com
X-Msg-Ref: server-8.tower-119.messagelabs.com!1197968452!27051474!1
X-StarScan-Version: 5.5.12.14.2; banners=.,-,-
X-Originating-IP: [144.189.100.101]
Received: (qmail 7093 invoked from network); 18 Dec 2007 09:00:52 -0000
Received: from motgate2.mot.com (HELO motgate2.mot.com) (144.189.100.101) by server-8.tower-119.messagelabs.com with SMTP; 18 Dec 2007 09:00:52 -0000
Received: from az33exr03.mot.com (az33exr03.mot.com [10.64.251.233]) by motgate2.mot.com (8.12.11/Motorola) with ESMTP id lBI90q7T012711; Tue, 18 Dec 2007 02:00:52 -0700 (MST)
Received: from az10vts04.mot.com (az10vts04.mot.com [10.64.251.245]) by az33exr03.mot.com (8.13.1/Vontu) with SMTP id lBI90pBW009577; Tue, 18 Dec 2007 03:00:51 -0600 (CST)
Received: from [127.0.0.1] (zfr01-2117.crm.mot.com [10.161.201.117]) by az33exr03.mot.com (8.13.1/8.13.0) with ESMTP id lBI90n7Q009490; Tue, 18 Dec 2007 03:00:50 -0600 (CST)
Message-ID: <47678C3B.5080401@gmail.com>
Date: Tue, 18 Dec 2007 10:00:43 +0100
From: Alexandru Petrescu <alexandru.petrescu@gmail.com>
User-Agent: Thunderbird 2.0.0.9 (Windows/20071031)
MIME-Version: 1.0
To: Jean-Michel Combes <jeanmichel.combes@gmail.com>
Subject: Re: [MEXT] [RFC3775 changes] Use of DHAAD mechanism?
References: <729b68be0712110521g51bde3c5wb83d8569fa170449@mail.gmail.com> <475FF84F.7000802@gmail.com> <729b68be0712171524gcc5d42xb1294369e65e72c6@mail.gmail.com>
In-Reply-To: <729b68be0712171524gcc5d42xb1294369e65e72c6@mail.gmail.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Antivirus: avast! (VPS 071217-0, 17/12/2007), Outbound message
X-Antivirus-Status: Clean
X-CFilter-Loop: Reflected
X-Spam-Score: -4.0 (----)
X-Scan-Signature: 25620135586de10c627e3628c432b04a
Cc: mext@ietf.org
X-BeenThere: mext@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Mobile IPv6 EXTensions WG <mext.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/mext>, <mailto:mext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/mext>
List-Post: <mailto:mext@ietf.org>
List-Help: <mailto:mext-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/mext>, <mailto:mext-request@ietf.org?subject=subscribe>
Errors-To: mext-bounces@ietf.org
Jean-Michel Combes wrote: > Hi Alex, > > 2007/12/12, Alexandru Petrescu <alexandru.petrescu@gmail.com>: >> Jean-Michel Combes wrote: >>> Hi, >>> >>> >>> Section, sub-section and paragraph involved: 5.3, 6.5, 6.6, 10.5, >>> 11.4.1 >>> >>> OLD TEXT: -- >>> >>> NEW TEXT: None >>> >>> Motivations: - Two proposals have been specified and adopted by >>> the MIP6 WG to allow a MN to get its HA (i.e. bootstrapping >>> mechanisms for the split and the integrated scenario). - The >>> present DHAAD mechanism is, more or less, a scanning tool >>> allowing anyone to know what/where are the HAs owned by a >>> Mobility Service Provider. - AFAIK, DHAAD has not a critical use >>> in others MIPv6 based protocols >>> >>> So, I wonder if it is still useful to keep the DHAAD mechanism in >>> the MIPv6 specification. >>> >>> Comments are welcome. >> I support keeping DHAAD in the current spec. If necessary, I can >> suggest new clarifying text saying that DHAAD used in conjunction >> with MPD and a proper IPsec SA setting leads to effective HA >> address and Home Address bootstrapping on MN while at home and >> while away from home. > > In your reply, there are 2 points: > > o DHAAD is unsecured I'm not sure how much insecure it is. I agree that the semantics of a anycast address seem less securable than a unicast address (with IPsec.) > I strongly agree and this is one reason of this thread. There was a > long discussion, IIRC, at Yokohama about this point but, again IIRC, > at the moment, DHAAD was the only mechanism for a MN to discover its > potential HAs. There were drafts about this security issue and > potential solutions: at first to secure DHAAD > (draft-dupont-mip6-dhaadharmful) and, later, the MIPv6 bootstrapping > solution in the split scenario (draft-dupont-ikev2-haassign). Any address discovery mechanism has an insecurity part in it. DHCPv6 has too. It's not like there's a secure counterpart that we should use instead of the insecure DHAAD. IKEv2 could securely assign the HA and maybe the HoA too, but maybe has too many message exchanges. > o DHAAD as alternative MIPv6 bootstrapping solution That would mean > to keep a third MIPv6 bootstrapping solution. I'd call it a 0th :-) > So, IHMO, I still don't see concrete/critical reasons to keep the > DHAAD mechanism in the RFC3775bis. Ok, let's see. Alex ______________________________________________________________________ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email ______________________________________________________________________ _______________________________________________ MEXT mailing list MEXT@ietf.org https://www1.ietf.org/mailman/listinfo/mext
- [MEXT] [RFC3775 changes] Use of DHAAD mechanism? Jean-Michel Combes
- Re: [MEXT] [RFC3775 changes] Use of DHAAD mechani… Alexandru Petrescu
- Re: [MEXT] [RFC3775 changes] Use of DHAAD mechani… George Tsirtsis
- Re: [MEXT] [RFC3775 changes] Use of DHAAD mechani… Vijay Devarapalli
- Re: [MEXT] [RFC3775 changes] Use of DHAAD mechani… Basavaraj Patil
- Re: [MEXT] [RFC3775 changes] Use of DHAAD mechani… Jean-Michel Combes
- Re: [MEXT] [RFC3775 changes] Use of DHAAD mechani… Jean-Michel Combes
- Re: [MEXT] [RFC3775 changes] Use of DHAAD mechani… Jean-Michel Combes
- Re: [MEXT] [RFC3775 changes] Use of DHAAD mechani… Vijay Devarapalli
- Re: [MEXT] [RFC3775 changes] Use of DHAAD mechani… Jean-Michel Combes
- Re: [MEXT] [RFC3775 changes] Use of DHAAD mechani… George Tsirtsis
- Re: [MEXT] [RFC3775 changes] Use of DHAAD mechani… Alexandru Petrescu
- Re: [MEXT] [RFC3775 changes] Use of DHAAD mechani… Jean-Michel Combes
- Re: [MEXT] [RFC3775 changes] Use of DHAAD mechani… Jean-Michel Combes
- Re: [MEXT] [RFC3775 changes] Use of DHAAD mechani… Vijay Devarapalli
- Re: [MEXT] [RFC3775 changes] Use of DHAAD mechani… Alexandru Petrescu
- Re: [MEXT] [RFC3775 changes] Use of DHAAD mechani… Jean-Michel Combes
- Re: [MEXT] [RFC3775 changes] Use of DHAAD mechani… Charles E. Perkins
- Re: [MEXT] [RFC3775 changes] Use of DHAAD mechani… Jean-Michel Combes
- Re: [MEXT] [RFC3775 changes] Use of DHAAD mechani… Jean-Michel Combes
- Re: [MEXT] [RFC3775 changes] Wrap-up on "Use of D… Julien Laganier
- Re: [MEXT] [RFC3775 changes] Use of DHAAD mechani… Alexandru Petrescu
- Re: [MEXT] [RFC3775 changes] Use of DHAAD mechani… Francis Dupont
- Re: [MEXT] [RFC3775 changes] Use of DHAAD mechani… Jean-Michel Combes
- Re: [MEXT] [RFC3775 changes] Use of DHAAD mechani… Alexandru Petrescu
- Re: [MEXT] [RFC3775 changes] Use of DHAAD mechani… Alexandru Petrescu
- Re: [MEXT] [RFC3775 changes] Use of DHAAD mechani… Francis Dupont
- Re: [MEXT] [RFC3775 changes] Use of DHAAD mechani… Francis Dupont
- Re: [MEXT] [RFC3775 changes] Use of DHAAD mechani… Alexandru Petrescu
- Re: [MEXT] [RFC3775 changes] Use of DHAAD mechani… Francis Dupont
- Re: [MEXT] Relying on DNS and AAA instead of DHAA… Alexandru Petrescu
- Re: [MEXT] [RFC3775 changes] Use of DHAAD mechani… Jean-Michel Combes
- Re: [MEXT] Relying on DNS and AAA instead of DHAA… Jean-Michel Combes
- Re: [MEXT] Relying on DNS and AAA instead of DHAA… Francis Dupont
- Re: [MEXT] Relying on DNS and AAA instead of DHAA… George Tsirtsis
- Re: [MEXT] Relying on DNS and AAA instead of DHAA… Jean-Michel Combes
- Re: [MEXT] Relying on DNS and AAA instead of DHAA… Sri Gundavelli
- Re: [MEXT] [RFC3775 changes] Wrap-up on "Use of D… George Tsirtsis
- Re: [MEXT] [RFC3775 changes] Wrap-up on "Use of D… Jean-Michel Combes
- Re: [MEXT] [RFC3775 changes] Wrap-up on "Use of D… Jean-Michel Combes
- Re: [MEXT] [RFC3775 changes] Wrap-up on "Use of D… Alexandru Petrescu
- Re: [MEXT] [RFC3775 changes] Wrap-up on "Use of D… Julien Laganier
- Re: [MEXT] [RFC3775 changes] Wrap-up on "Use of D… Julien Laganier
- Re: [MEXT] [RFC3775 changes] Wrap-up on "Use of D… Alexandru Petrescu
- Re: [MEXT] [RFC3775 changes] Wrap-up on "Use of D… Julien Laganier
- Re: [MEXT] [RFC3775 changes] Wrap-up on "Use of D… Alexandru Petrescu
- Re: [MEXT] [RFC3775 changes] Wrap-up on "Use of D… Julien Laganier
- Re: [MEXT] [RFC3775 changes] Wrap-up on "Use of D… Jean-Michel Combes
- Re: [MEXT] [RFC3775 changes] Wrap-up on "Use of D… Alexandru Petrescu
- Re: [MEXT] [RFC3775 changes] Wrap-up on "Use of D… Alexandru Petrescu
- Re: [MEXT] [RFC3775 changes] Wrap-up on "Use of D… Alexandru Petrescu
- Re: [MEXT] [RFC3775 changes] Wrap-up on "Use of D… Alexandru Petrescu
- Re: [MEXT] [RFC3775 changes] Wrap-up on "Use of D… Vijay Devarapalli
- Re: [MEXT] [RFC3775 changes] Wrap-up on "Use of D… Vijay Devarapalli
- Re: [MEXT] [RFC3775 changes] Wrap-up on "Use of D… Benjamin Lim
- Re: [MEXT] [RFC3775 changes] Wrap-up on "Use of D… Alexandru Petrescu
- Re: [MEXT] [RFC3775 changes] Wrap-up on "Use of D… Vijay Devarapalli
- Re: [MEXT] [RFC3775 changes] Wrap-up on "Use of D… Vijay Devarapalli
- Re: [MEXT] [RFC3775 changes] Wrap-up on "Use of D… Alexandru Petrescu
- Re: [MEXT] [RFC3775 changes] Wrap-up on "Use of D… Jean-Michel Combes
- Re: [MEXT] [RFC3775 changes] Wrap-up on "Use of D… Alexandru Petrescu
- Re: [MEXT] [RFC3775 changes] Wrap-up on "Use of D… Jean-Michel Combes
- Re: [MEXT] [RFC3775 changes] Wrap-up on "Use of D… Vijay Devarapalli
- Re: [MEXT] [RFC3775 changes] Wrap-up on "Use of D… George Tsirtsis
- Re: [MEXT] [RFC3775 changes] Wrap-up on "Use of D… Alexandru Petrescu
- Re: [MEXT] [RFC3775 changes] Wrap-up on "Use of D… George Tsirtsis
- Re: [MEXT] improving rfc3775 by replacing dhaad, … Alexandru Petrescu
- Re: [MEXT] improving rfc3775 by replacing dhaad, … George Tsirtsis
- Re: [MEXT] improving rfc3775 by replacing dhaad, … Alexandru Petrescu
- [MEXT] [RFC3775 changes] Wrap-up Take II on "Use … Julien Laganier
- Re: [MEXT] [RFC3775 changes] Wrap-up Take II on "… George Tsirtsis
- Re: [MEXT] [RFC3775 changes] Wrap-up Take II on "… Alexandru Petrescu
- Re: [MEXT] [RFC3775 changes] Wrap-up Take II on "… Vijay Devarapalli
- Re: [MEXT] [RFC3775 changes] Wrap-up Take II on "… Jean-Michel Combes
- Re: [MEXT] [RFC3775 changes] Wrap-up Take II on "… Jean-Michel Combes
- Re: [MEXT] [RFC3775 changes] Wrap-up Take II on "… Vijay Devarapalli