RE: [Seamoby] [issue30] How to handle bad MN's authorization Token?

Nakhjiri Madjid-MNAKHJI1 <Madjid.Nakhjiri@motorola.com> Mon, 15 December 2003 21:23 UTC

Message-ID: <EBF631554F9CD7118D0B00065BF34DCB03D2A79B@il27exm03.cig.mot.com>
From: Nakhjiri Madjid-MNAKHJI1 <Madjid.Nakhjiri@motorola.com>
To: 'Rajeev Koodli' <rajeev@iprg.nokia.com>, Nakhjiri Madjid-MNAKHJI1 <Madjid.Nakhjiri@motorola.com>
Cc: Seamoby CTP Issues <ctp_issues@danforsberg.info>, seamoby@ietf.org
Subject: RE: [Seamoby] [issue30] How to handle bad MN's authorization Token?
Date: Mon, 15 Dec 2003 15:17:47 -0600

Hi Rajeev,

No, that was not my original concern (although that is a valid concern);
the concern was somebody spoofing nAR, and hence the need for
message authentication between pAR and nAR.
Originally we didn't go as far as requiring message authentication
for all messages between pAR and nAR (and yes, the routers should have
SAs, as the requirement stated, in case context delivery needs to be secure),
but that was when we didn't have authentication tokens from the users.
If you want the pAR to do something for every failed authentication
token, then you are setting yourself up for trouble (DoS attacks), especially
since CT has to happen so quickly. Does the nAR have to keep any state?

Madjid

-----Original Message-----
From: rajeev@darkstar.iprg.nokia.com
[mailto:rajeev@darkstar.iprg.nokia.com] On Behalf Of Rajeev Koodli
Sent: Friday, December 12, 2003 6:02 PM
To: Nakhjiri Madjid-MNAKHJI1
Cc: Seamoby CTP Issues; seamoby@ietf.org
Subject: Re: [Seamoby] [issue30] How to handle bad MN's authorization
Token?



Hi,

is your concern message tampering between pAR and nAR ?
If so, that should apply to all contexts. I think we address that
by saying the routers SHOULD have SAs.

Regards,

-Rajeev


Nakhjiri Madjid-MNAKHJI1 wrote:

> Rajeev,
>
> I don't recall whether there was a message authentication procedure between
> the pAR and nAR, if there is none, and the pAR can't verify the authorization
> token, then we may open the door to DoS attacks on the pAR. So responding to
> nAR may have bad consequences...
> If there is no message authentication between nAR and pAR, while you are expecting
> the MN to authenticate itself to pAR (to me this is half way solution), then the
> pAR should ignore the request.
>
> Madjid
>
> -----Original Message-----
> From: seamoby-admin@ietf.org [mailto:seamoby-admin@ietf.org] On Behalf Of
> Rajeev Koodli
> Sent: Monday, December 08, 2003 1:14 PM
> To: Seamoby CTP Issues
> Cc: seamoby@ietf.org
> Subject: Re: [Seamoby] [issue30] How to handle bad MN's authorization
> Token?
>
> John Loughney SEAMOBY-Issues wrote:
>
> > New submission from John Loughney <john.loughney@nokia.com>:
> >
> > In case nAR requests the transfer by a CTR message, the pAR must verify
> > the MN's authorization token. If this token is invalid, what do we do?
> >
> > Possible solutions:
> >
> >  - nothing ? the pAR does not answer to nAR.
> >  - pAR indicates the error to nAR:
> >         * In the CTD message.
> >         * In an error message which could carry error information.
> >
>
> pAR MUST respond to nAR with an appropriate error.
> nAR SHOULD convey the result to the MN.
>
> -Rajeev
>
> >
> > others ?
> >
> > ----------
> > category: Editorial
> > document: draft-ietf-seamoby-ctp-05.txt
> > messages: 39
> > nosy: jloughney
> > priority: Should Fix
> > status: No Discussion
> > title: How to handle bad MN's authorization Token?
> > _____________________________________________________________
> > Seamoby CTP Issues <ctp_issues@danforsberg.info>
> > <http://danforsberg.info:8080/draft-ietf-seamoby-ctp/issue30>
> > _____________________________________________________________
> >
> > _______________________________________________
> > Seamoby mailing list
> > Seamoby@ietf.org
> > https://www1.ietf.org/mailman/listinfo/seamoby
>

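The ordering the thread argues for (authenticate the pAR–nAR message under the routers' SA before spending any work on the MN's token, drop silently if that fails, and only return an error for an authenticated nAR) sketched as an added, stand-alone example; it is not code from the CTP draft or from anyone in the thread. The HMAC-SHA256 MACs, the `|`-separated message layout, and both keys are constructed assumptions for illustration.

```python
import hmac
import hashlib

# Constructed keys (assumptions, not values from the CTP draft):
PAR_NAR_SA_KEY = b"constructed-pAR-nAR-SA-key"   # security association between the routers
MN_TOKEN_KEY = b"constructed-MN-pAR-token-key"   # secret the MN shares with pAR for its token


def mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


def mn_token(mn_id: bytes, nonce: bytes) -> bytes:
    """Authorization token the MN computes and hands to nAR; pAR recomputes it."""
    return mac(MN_TOKEN_KEY, mn_id + b"|" + nonce)


def build_ctr(mn_id: bytes, nonce: bytes, token: bytes) -> bytes:
    """nAR builds a CTR carrying the MN token, then protects it under the pAR-nAR SA."""
    body = b"CTR|" + mn_id + b"|" + nonce.hex().encode() + b"|" + token.hex().encode()
    return body + b"|" + mac(PAR_NAR_SA_KEY, body).hex().encode()


def par_handle_ctr(msg: bytes):
    """pAR side. Returns (reply, reason); reply is 'CTD', 'ERROR' or None (silent drop).

    No per-request state is kept, so a flood of bad messages costs one MAC each
    and never triggers a response unless the sender proved it holds the SA key.
    """
    try:
        body, tag_hex = msg.rsplit(b"|", 1)
        tag = bytes.fromhex(tag_hex.decode())
    except ValueError:
        return (None, "drop: malformed message")
    # Step 1: message authentication between pAR and nAR. An unauthenticated (possibly
    # spoofed-nAR) request is ignored outright; answering it would be a DoS amplifier.
    if not hmac.compare_digest(tag, mac(PAR_NAR_SA_KEY, body)):
        return (None, "drop: pAR-nAR message authentication failed")
    # Step 2: only for an authenticated nAR, verify the MN's authorization token.
    try:
        _, mn_id, nonce_hex, token_hex = body.split(b"|")
        nonce = bytes.fromhex(nonce_hex.decode())
        token = bytes.fromhex(token_hex.decode())
    except ValueError:
        return ("ERROR", "malformed CTR fields")
    if not hmac.compare_digest(token, mn_token(mn_id, nonce)):
        return ("ERROR", "invalid MN authorization token")   # nAR may relay this to the MN
    return ("CTD", "context transferred")
```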