Re: [netlmm] Issue: Auth Option support
Vijay Devarapalli <vijay.devarapalli@azairenet.com> Mon, 10 September 2007 15:00 UTC
Return-path: <netlmm-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1IUkkv-0003QU-57; Mon, 10 Sep 2007 11:00:53 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1IUkkt-0003O1-Nl for netlmm@ietf.org; Mon, 10 Sep 2007 11:00:51 -0400
Received: from mail2.azairenet.com ([207.47.15.6]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1IUkks-0008IU-AQ for netlmm@ietf.org; Mon, 10 Sep 2007 11:00:51 -0400
Received: from [127.0.0.1] ([67.180.82.252]) by mail2.azairenet.com over TLS secured channel with Microsoft SMTPSVC(6.0.3790.1830); Mon, 10 Sep 2007 08:00:49 -0700
Message-ID: <46E55C1A.7060900@azairenet.com>
Date: Mon, 10 Sep 2007 08:00:42 -0700
From: Vijay Devarapalli <vijay.devarapalli@azairenet.com>
User-Agent: Thunderbird 2.0.0.6 (Windows/20070728)
MIME-Version: 1.0
To: Julien Laganier <julien.IETF@laposte.net>
Subject: Re: [netlmm] Issue: Auth Option support
References: <Pine.GSO.4.63.0708070000100.13701@irp-view13.cisco.com> <01e801c7f0c1$80e341c0$d4f6200a@amer.cisco.com> <46E4B02C.5010101@azairenet.com> <200709101128.08546.julien.IETF@laposte.net>
In-Reply-To: <200709101128.08546.julien.IETF@laposte.net>
Content-Type: text/plain; charset="ISO-8859-15"; format="flowed"
Content-Transfer-Encoding: 7bit
X-OriginalArrivalTime: 10 Sep 2007 15:00:49.0243 (UTC) FILETIME=[5FA4FAB0:01C7F3BB]
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 0ddefe323dd869ab027dbfff7eff0465
Cc: netlmm@ietf.org
X-BeenThere: netlmm@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: NETLMM working group discussion list <netlmm.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/netlmm>, <mailto:netlmm-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/netlmm>
List-Post: <mailto:netlmm@ietf.org>
List-Help: <mailto:netlmm-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/netlmm>, <mailto:netlmm-request@ietf.org?subject=subscribe>
Errors-To: netlmm-bounces@ietf.org
Julien Laganier wrote: > Hi Vijay, > > One comment below, > > On Monday 10 September 2007, Vijay Devarapalli wrote: >> Sri, >> >> I agree with "SHOULD" for using IPsec and "MUST" for supporting IPsec >> on the MAG and the LMA. >> >> If thats the consensus, we need to modify a few sentences in the >> draft. >> >> In section 4, replace >> >>> The signaling messages, Proxy Binding Update and Proxy Binding >>> Acknowledgement, exchanged between the mobile access gateway and >>> the local mobility anchor MUST be protected using IPsec [RFC-4301] >>> and using the established security association between them. The >>> security association of the specific mobile node for which the >>> signaling message is initiated is not required for protecting these >>> messages. >> with >> >> The signaling messages, Proxy Binding Update and Proxy Binding >> Acknowledgement, exchanged between the mobile access gateway and >> the local mobility anchor MUST be protected using security >> associations established between them. The security association of >> the specific mobile node for which the signaling message is initiated >> is not required for protecting these messages. >> >> We need the MUST above since we have to say that the proxy BU and >> proxy BAck must be protected, irrespective of whether IPsec or some >> other mechanism is used. > > I understand you want to say that integrity and data origin > authentication are MUST's. I'm thus suggesting a minor change to your > text above (rest is fine with me): > > The Proxy Binding Update and Proxy Binding Acknowledgement > signaling messages exchanged between the MAG and LMA MUST be > protected using end-to-end security association(s) offering > integrity and data origin authentication. A security association > with the mobile node for which the signaling message is issued is > not required for protection of these messages. Sounds good to me. Vijay _______________________________________________ netlmm mailing list netlmm@ietf.org https://www1.ietf.org/mailman/listinfo/netlmm
- [netlmm] (no subject) LAI, SHOU WEN -HCHBJ
- RE: [netlmm] Issue: Auth Option support Alper Yegin
- RE: [netlmm] Issue: Auth Option support Sri Gundavelli
- [netlmm] (no subject) Christian Vogt
- [netlmm] Re: your mail Sri Gundavelli
- [netlmm] Issue: Auth Option support Sri Gundavelli
- RE: [netlmm] Issue: Auth Option support Alper Yegin
- Re: [netlmm] Issue: Auth Option support Christian Vogt
- Re: [netlmm] Issue: Auth Option support Vijay Devarapalli
- RE: [netlmm] Issue: Auth Option support Chowdhury, Kuntal
- RE: [netlmm] Issue: Auth Option support Sri Gundavelli
- Re: [netlmm] Issue: Auth Option support Alexandru Petrescu
- RE: [netlmm] Issue: Auth Option support Alper Yegin
- Re: [netlmm] Issue: Auth Option support Alexandru Petrescu
- Re: [netlmm] Issue: Auth Option support Julien Laganier
- Re: [netlmm] Issue: Auth Option support Alexandru Petrescu
- Re: [netlmm] Issue: Auth Option support Julien Laganier
- Re: [netlmm] Issue: Auth Option support Alexandru Petrescu
- RE: [netlmm] Issue: Auth Option support Sri Gundavelli
- RE: [netlmm] Issue: Auth Option support Narayanan, Vidya
- Re: [netlmm] Issue: Auth Option support Basavaraj Patil
- RE: [netlmm] Issue: Auth Option support Sri Gundavelli
- Re: [netlmm] Issue: Auth Option support Basavaraj Patil
- Re: [netlmm] Issue: Auth Option support Vijay Devarapalli
- RE: [netlmm] Issue: Auth Option support Sri Gundavelli
- RE: [netlmm] Issue: Auth Option support Alper Yegin
- Re: [netlmm] Issue: Auth Option support Julien Laganier
- RE: [netlmm] Issue: Auth Option support Ahmad Muhanna
- RE: [netlmm] Issue: Auth Option support Ahmad Muhanna
- Re: [netlmm] Issue: Auth Option support Vijay Devarapalli
- Re: [netlmm] Issue: Auth Option support Vijay Devarapalli
- Re: [netlmm] Issue: Auth Option support Vijay Devarapalli
- RE: [netlmm] Issue: Auth Option support DE JUAN HUARTE FEDERICO
- RE: [netlmm] Issue: Auth Option support Ahmad Muhanna
- RE: [netlmm] Issue: Auth Option support Alper Yegin
- RE: [netlmm] Issue: Auth Option support Alper Yegin
- Re: [netlmm] Issue: Auth Option support Vijay Devarapalli
- [netlmm] Question on security model DE JUAN HUARTE FEDERICO
- RE: [netlmm] Question on security model Sri Gundavelli
- [netlmm] RE: Question on security model Ahmad Muhanna
- Re: [netlmm] Question on security model Julien Laganier
- RE: [netlmm] Question on security model Alper Yegin
- [netlmm] (no subject) Lynoh MaGee