Re: [netlmm] Issue: Auth Option support
Julien Laganier <julien.IETF@laposte.net> Mon, 10 September 2007 09:28 UTC
Hi Vijay,

One comment below,

On Monday 10 September 2007, Vijay Devarapalli wrote:
> Sri,
>
> I agree with "SHOULD" for using IPsec and "MUST" for supporting IPsec
> on the MAG and the LMA.
>
> If that's the consensus, we need to modify a few sentences in the
> draft.
>
> In section 4, replace
>
> > The signaling messages, Proxy Binding Update and Proxy Binding
> > Acknowledgement, exchanged between the mobile access gateway and
> > the local mobility anchor MUST be protected using IPsec [RFC-4301]
> > and using the established security association between them. The
> > security association of the specific mobile node for which the
> > signaling message is initiated is not required for protecting these
> > messages.
>
> with
>
> The signaling messages, Proxy Binding Update and Proxy Binding
> Acknowledgement, exchanged between the mobile access gateway and
> the local mobility anchor MUST be protected using security
> associations established between them. The security association of
> the specific mobile node for which the signaling message is initiated
> is not required for protecting these messages.
>
> We need the MUST above since we have to say that the proxy BU and
> proxy BAck must be protected, irrespective of whether IPsec or some
> other mechanism is used.

I understand you want to say that integrity and data origin
authentication are MUST's. I'm thus suggesting a minor change to your
text above (rest is fine with me):

   The Proxy Binding Update and Proxy Binding Acknowledgement
   signaling messages exchanged between the MAG and LMA MUST be
   protected using end-to-end security association(s) offering
   integrity and data origin authentication. A security association
   with the mobile node for which the signaling message is issued is
   not required for protection of these messages.

--julien