Re: [netlmm] Issue: Auth Option support

Vijay Devarapalli <vijay.devarapalli@azairenet.com> Mon, 10 September 2007 15:00 UTC

Message-ID: <46E55C1A.7060900@azairenet.com>
Date: Mon, 10 Sep 2007 08:00:42 -0700
From: Vijay Devarapalli <vijay.devarapalli@azairenet.com>
To: Julien Laganier <julien.IETF@laposte.net>
Subject: Re: [netlmm] Issue: Auth Option support
References: <Pine.GSO.4.63.0708070000100.13701@irp-view13.cisco.com> <01e801c7f0c1$80e341c0$d4f6200a@amer.cisco.com> <46E4B02C.5010101@azairenet.com> <200709101128.08546.julien.IETF@laposte.net>
In-Reply-To: <200709101128.08546.julien.IETF@laposte.net>
Cc: netlmm@ietf.org

Julien Laganier wrote:
> Hi Vijay,
> 
> One comment below,
> 
> On Monday 10 September 2007, Vijay Devarapalli wrote:
>> Sri,
>>
>> I agree with "SHOULD" for using IPsec and "MUST" for supporting IPsec
>> on the MAG and the LMA.
>>
>> If that's the consensus, we need to modify a few sentences in the
>> draft.
>>
>> In section 4, replace
>>
>>>    The signaling messages, Proxy Binding Update and Proxy Binding
>>>    Acknowledgement, exchanged between the mobile access gateway and
>>> the local mobility anchor MUST be protected using IPsec [RFC-4301]
>>> and using the established security association between them.  The
>>> security association of the specific mobile node for which the
>>> signaling message is initiated is not required for protecting these
>>> messages.
>> with
>>
>>     The signaling messages, Proxy Binding Update and Proxy Binding
>>     Acknowledgement, exchanged between the mobile access gateway and
>> the local mobility anchor MUST be protected using security
>> associations established between them. The security association of
>> the specific mobile node for which the signaling message is initiated
>> is not required for protecting these messages.
>>
>> We need the MUST above since we have to say that the proxy BU and
>> proxy BAck must be protected, irrespective of whether IPsec or some
>> other mechanism is used.
> 
> I understand you want to say that integrity and data origin 
> authentication are MUST's. I'm thus suggesting a minor change to your 
> text above (rest is fine with me):
> 
>       The Proxy Binding Update and Proxy Binding Acknowledgement
>       signaling messages exchanged between the MAG and LMA MUST be
>       protected using end-to-end security association(s) offering
>       integrity and data origin authentication. A security association
>       with the mobile node for which the signaling message is issued is
>       not required for protection of these messages.

Sounds good to me.

Vijay

_______________________________________________
netlmm mailing list
netlmm@ietf.org
https://www1.ietf.org/mailman/listinfo/netlmm
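The property the agreed wording pins down is that a Proxy Binding Update and its Acknowledgement must carry integrity and data origin authentication under a security association between the MAG and the LMA themselves, with no dependence on any security association for the mobile node the message is about. The following Python model is an added example, not code from the draft or from the thread participants: it uses a constructed MAG-LMA key with HMAC-SHA256 as a stand-in for whatever integrity algorithm the real SA (IPsec or otherwise) negotiates, a deliberately simplified message layout, and a separate per-MN key that exists only to show it is never consulted. The LMA-side handler accepts a well-formed PBU from the MAG, returns a protected PBA, and rejects both a modified message and one authenticated under the wrong SA.

```python
import hashlib
import hmac
import ipaddress
import struct

MAC_LEN = 16  # truncated HMAC-SHA256 tag; ESP integrity algorithms commonly truncate too

# Constructed keys (hypothetical values, not from the thread). MAG_LMA_KEY models the
# end-to-end SA between the two nodes; MN_KEY is a per-mobile-node key that the
# MAG-LMA signalling path must not need.
MAG_LMA_KEY = bytes(range(32))
MN_KEY = bytes(range(32, 64))

PBU_TYPE = 5  # Binding Update / Acknowledgement MH type numbers (RFC 3775 numbering)
PBA_TYPE = 6


def encode_pbu(mn_id: bytes, hnp: str, seq: int, lifetime: int) -> bytes:
    """Simplified PBU: type, sequence number, lifetime, MN identifier, home network prefix."""
    prefix = ipaddress.IPv6Network(hnp).network_address.packed
    return struct.pack("!BHHB", PBU_TYPE, seq, lifetime, len(mn_id)) + mn_id + prefix


def decode_pbu(payload: bytes):
    """Inverse of encode_pbu; raises ValueError on a non-PBU payload."""
    msg_type, seq, lifetime, id_len = struct.unpack("!BHHB", payload[:6])
    if msg_type != PBU_TYPE:
        raise ValueError("not a Proxy Binding Update")
    mn_id = payload[6:6 + id_len]
    prefix = ipaddress.IPv6Address(payload[6 + id_len:6 + id_len + 16])
    return mn_id, str(prefix), seq, lifetime


def encode_pba(status: int, seq: int) -> bytes:
    """Simplified PBA: type, status (0 = accepted), echoed sequence number."""
    return struct.pack("!BBH", PBA_TYPE, status, seq)


def decode_pba(payload: bytes):
    _msg_type, status, seq = struct.unpack("!BBH", payload[:4])
    return status, seq


def protect(sa_key: bytes, payload: bytes) -> bytes:
    """Append an integrity / data-origin tag computed under the given SA key."""
    tag = hmac.new(sa_key, payload, hashlib.sha256).digest()[:MAC_LEN]
    return payload + tag


def verify(sa_key: bytes, message: bytes):
    """Return the payload if the tag verifies under sa_key, else None."""
    if len(message) <= MAC_LEN:
        return None
    payload, tag = message[:-MAC_LEN], message[-MAC_LEN:]
    expected = hmac.new(sa_key, payload, hashlib.sha256).digest()[:MAC_LEN]
    if not hmac.compare_digest(tag, expected):
        return None
    return payload


def lma_handle_pbu(sa_key: bytes, message: bytes):
    """LMA side: verify the PBU under the MAG-LMA SA and answer with a protected PBA.

    Only the SA shared with the sending MAG is used; the mobile node named in the
    PBU contributes no key material. Returns None when the PBU is rejected.
    """
    payload = verify(sa_key, message)
    if payload is None:
        return None
    try:
        _mn_id, _hnp, seq, _lifetime = decode_pbu(payload)
    except (ValueError, struct.error):
        return None
    return protect(sa_key, encode_pba(0, seq))


if __name__ == "__main__":
    pbu = protect(MAG_LMA_KEY, encode_pbu(b"mn1@example.net", "2001:db8:1::/64", 7, 300))
    print("genuine PBU ->", lma_handle_pbu(MAG_LMA_KEY, pbu) is not None)
    tampered = bytearray(pbu)
    tampered[3] ^= 0x01  # flip a bit in the lifetime field
    print("tampered PBU ->", lma_handle_pbu(MAG_LMA_KEY, bytes(tampered)) is not None)
    forged = protect(MN_KEY, encode_pbu(b"mn1@example.net", "2001:db8:1::/64", 8, 300))
    print("PBU under MN key ->", lma_handle_pbu(MAG_LMA_KEY, forged) is not None)
```

The point of the last two checks is the one Julien's wording makes explicit: the LMA's decision rests entirely on the end-to-end MAG-LMA association, so a message whose tag was produced under any other key, including a key tied to the mobile node itself, is rejected exactly like a tampered one.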