Re: [netext] Stephen Farrell's Discuss on draft-ietf-netext-update-notifications-08: (with DISCUSS and COMMENT)

"Sri Gundavelli (sgundave)" <> Tue, 24 September 2013 13:27 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 1721E11E8122; Tue, 24 Sep 2013 06:27:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -10.599
X-Spam-Status: No, score=-10.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 6Pn4sGvHcU20; Tue, 24 Sep 2013 06:27:44 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id 6386311E811E; Tue, 24 Sep 2013 06:27:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;;; l=1436; q=dns/txt; s=iport; t=1380029264; x=1381238864; h=from:to:cc:subject:date:message-id:in-reply-to: content-id:content-transfer-encoding:mime-version; bh=+PHAdeyapithEVv5eYTNjk1kalxgM1xBX4a/tQSd7Wg=; b=Cxn/ID5NzrOJd8eB62KYXYCWLDMoYsiPBg9qlIMzxkA1bVLpVRDKCI0F 4VHB3dJ6Mq3dXwPCndBKAp4fEtd96jiw88w3n+9s+d6zvkzRwwDaO8BVw KXvu3R3DkD8f3Xp2pG386ng00ouGyg08d+ktmsHSm19Evw5lgUwgq5NiA g=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos;i="4.90,970,1371081600"; d="scan'208";a="263807753"
Received: from ([]) by with ESMTP; 24 Sep 2013 13:27:44 +0000
Received: from ( []) by (8.14.5/8.14.5) with ESMTP id r8ODRhVw011576 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Tue, 24 Sep 2013 13:27:43 GMT
Received: from ([]) by ([]) with mapi id 14.02.0318.004; Tue, 24 Sep 2013 08:27:43 -0500
From: "Sri Gundavelli (sgundave)" <>
To: Stephen Farrell <>, The IESG <>
Thread-Topic: Stephen Farrell's Discuss on draft-ietf-netext-update-notifications-08: (with DISCUSS and COMMENT)
Thread-Index: AQHOuSnZF13R9nrGG0696RVYFVYAZQ==
Date: Tue, 24 Sep 2013 13:27:43 +0000
Message-ID: <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
user-agent: Microsoft-MacOutlook/
x-originating-ip: []
Content-Type: text/plain; charset="Windows-1252"
Content-ID: <>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "" <>, "" <>, "" <>
Subject: Re: [netext] Stephen Farrell's Discuss on draft-ietf-netext-update-notifications-08: (with DISCUSS and COMMENT)
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Mailing list for discusion of extensions to network mobility protocol, i.e PMIP6. " <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 24 Sep 2013 13:27:50 -0000


On 9/24/13 5:56 AM, "Stephen Farrell" <> wrote:

>On 09/24/2013 01:53 PM, Sri Gundavelli (sgundave) wrote:
>>Hi Stephen,
>>Thanks for the reviews.
>>>5.2: What happens if the IPsec SA is re-negotiated
>>Renegotiation of IPSec SA should result in updated SPD and PAD entries at
>>both the peers. Wondering, if MAG/LMA entities need to be aware of this,
>>or assume IKEv2/IPsec layer is handling that. SA Renegotiation could
>>potentially occur in the base protocol without this extension as well.
>>thinking, as long as the SPD entries cover the new MH type, the
>>handling/validation is happening at the correct layers and no new checks
>>are needed.
>Perhaps those checks are already needed. What is currently done
>in implementations?

Not beyond ensuring that the MH message that made it to the MIP layer had
IPSec protection. There are no special interactions between MIP and IPsec
layer, at least not in PMIP. For CMIP, there is lot of dance in 5555, for
supporting NAT traversalŠthere they both almost live together ...

>But is the current text about "same SA" correct? I don't recall
>such text in the base spec, but maybe its there. And presumably
>re-negotiation is more likely when pushing notifications.

Can rephrase this to suggest, "currently established Security Association
for protecting PBU/PBA Š"