Re: [secdir] [DMM] Secdir last call review of draft-ietf-dmm-ondemand-mobility-15

Daniel Migault <daniel.migault@ericsson.com> Fri, 15 February 2019 23:40 UTC

From: Daniel Migault <daniel.migault@ericsson.com>
To: "Moses, Danny" <danny.moses@intel.com>, "secdir@ietf.org" <secdir@ietf.org>
CC: "draft-ietf-dmm-ondemand-mobility.all@ietf.org" <draft-ietf-dmm-ondemand-mobility.all@ietf.org>, "ietf@ietf.org" <ietf@ietf.org>, "dmm@ietf.org" <dmm@ietf.org>, "mglt.ietf@gmail.com" <mglt.ietf@gmail.com>
Thread-Topic: [DMM] Secdir last call review of draft-ietf-dmm-ondemand-mobility-15
Thread-Index: AQHUrqDqIVG+1Oi8y0SXiju3hVFS06XhhbHA
Date: Fri, 15 Feb 2019 23:39:37 +0000
Message-ID: <BN8PR15MB3090DA22E91DA6E0936493EDE3600@BN8PR15MB3090.namprd15.prod.outlook.com>
References: <154760741387.10854.10303591799017138670@ietfa.amsl.com> <F0CF5715D3D1884BAC731EA1103AC281441C1044@HASMSX106.ger.corp.intel.com>
In-Reply-To: <F0CF5715D3D1884BAC731EA1103AC281441C1044@HASMSX106.ger.corp.intel.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/ojRge8y9Oxxy_pfPQwhqpmuN_bU>
Subject: Re: [secdir] [DMM] Secdir last call review of draft-ietf-dmm-ondemand-mobility-15

Hi,

Thanks for the responses. I missed your email and dug for it while reviewing version 16. Please find my comments inline. Overall your responses addressed my concerns, but I am still thinking that the Security Considerations section could be completed. Feel free to let me know what you think.

Yours,
Daniel



From: Moses, Danny <danny.moses@intel.com>
Sent: Thursday, January 17, 2019 3:11 PM
To: Daniel Migault <daniel.migault@ericsson.com>; secdir@ietf.org
Cc: draft-ietf-dmm-ondemand-mobility.all@ietf.org; ietf@ietf.org; dmm@ietf.org
Subject: RE: [DMM] Secdir last call review of draft-ietf-dmm-ondemand-mobility-15


Daniel,



Thanks for a very thorough review and the detailed comments. I appreciate your invested time.



There were one or two comments I did not fully understand.

I have used many of them to improve the document. There were some on which I thought differently, and I provided my reasoning.



Please see my detailed response below.

Thanks and regards,

Danny



  1.  “inefficiencies” seems too vague…

I am adding a reference to RFC 7333 that describes these inefficiencies in section 4.

<mglt>Thanks that is clearer to me.</mglt>

  2.  Use “IP session continuity” rather than “session continuity”

The original definition was “IP session continuity”. However, Brian Haberman in the early review commented that this term is confusing since the IP layer is not a session layer and thus, “IP Session” is not defined. To resolve this, we agreed to change “IP session continuity” to “session continuity” in version 15 of this draft. I feel comfortable with any of these definitions, so if the reviewers can agree on a term, I will adopt it. In any case, I believe the text clearly describes the behavior of the network.

<mglt>The text is clear.</mglt>

  3.  Recommended reordering of the text in section 1.

I did not understand the recommended order, that is, which paragraph needs to be moved to which place. Please help clarify this comment.

<mglt>

Well, I think the introduction could be better articulated. But as it seems I am the only one raising the concern, I guess that is fine.



What I meant was to have it as follows:


   Mobile IP is designed to provide both session continuity and IP
   address reachability to mobile hosts.  Architectures utilizing these
   protocols (e.g., 3GPP, 3GPP2, WIMAX) ensure that any mobile host
   attached to the compliant networks can enjoy these benefits.  Any
   application running on these mobile hosts is subjected to the same
   treatment with respect to session continuity and IP address
   reachability.


   Achieving session continuity and IP address reachability with Mobile
   IP incurs some cost.  Mobile IP protocol forces the mobile host's IP
   traffic to traverse a centrally-located router (Home Agent, HA),
   which incurs additional transmission latency and use of additional
   network resources, adds to the network CAPEX and OPEX, and decreases
   the reliability of the network due to the introduction of a single
   point of failure [RFC7333].  Therefore, session continuity and IP
   address reachability SHOULD be provided only when necessary.


   It should be noted that in reality not every application may need
   these benefits.  IP address reachability is required for applications
   running as servers (e.g., a web server running on the mobile host).
   But, a typical client application (e.g., web browser) does not
   necessarily require IP address reachability.  Similarly, session
   continuity is not required for all types of applications either.
   Applications performing brief communication (e.g., ping) can survive
   without having session continuity support

</mglt>



  4.  Replace ‘ping’ with a more useful application as an example.

Use text messaging instead.

<mglt>I believe that is a more convincing example.</mglt>



  5.  Split the feature versus its implementation should be done in a similar manner for both session continuity and reachability to ease reading.

After giving it some thought, I tend to think differently. This is the Introduction section and as such should be short. I do not think the splitting is needed to understand the rest of the document. I prefer to keep this section short.

<mglt>I agree with you. What confused me at first was the session continuity.</mglt>



  6.  Add a paragraph that indicates the address reachability can be performed by applications using other means than IP reachability.

I do not think this is required. The motivation of this Introduction is to convince the reader that there is a benefit from enabling applications to indicate their requirements from the mobile network, rather than getting the full service support. I think the message is clear as it is.

<mglt>I agree, for the same reason as above. To me, I believe what would have been very convincing is an approach where we mention what applications need rather than what they do not need. But again, that is more related to the presentation.</mglt>



  7.  Add a reference to RFC 5014 and the usage of home and care-of addresses.

Actually, for mobile IP, this document is not required. If the mobile host supports mobile IP, it can enable applications to select either a home address or a care-of address to use for the IP connection and, by that, use or choose not to use the mobility services provided by the mobile network.

This document addresses the case where the network provides these services by proxy and thus provides the full mobility service regardless of whether or not it is needed.

For proxy services, we need a way for applications to express their true needs and for the network stack to convey these needs to the network.

<mglt>In my opinion – and not being a mobility expert – the addition of the text in the introduction would be great.</mglt>





  8.  Indicate ‘on demand’ in the Introduction.

I thought this is clear from the fact that each application indicates its mobility service requirements. As applications could be launched separately from each other with possibly large time gaps, on-demand is deduced. But to be on the safe side, I will add ‘on demand’.

<mglt>ok.</mglt>

  9.  In the several definitions of IP address types in section 3, replace ‘guarantee’ with ‘remains’

I prefer ‘guarantee’ because it better indicates the commitment of the network to preserve the address.

<mglt>ok, I am not an English native speaker, so your choice is more appropriate. However, I got that ‘guarantee’ comes with more commitment.</mglt>

  10.  A suggestion regarding the definition of Non-persistent IP address.

I did not quite understand this suggestion. Something to do with Home Address and mobile IP. However, I believe the definition of Non-persistent IP address in this section is good as it is.

<mglt>I was wondering how different the address could be from a care-of address. Again, my confusion was that I considered the host a MIP node.</mglt>



  11.  There are additional comments regarding mobile IP.

As I indicated before, this document is not about mobile IP where the mobile host has control over the selection of care-of versus Home addresses. It is about proxy solutions, in which the mobile host does not have any control over the mobility service because it is done by-proxy by the network.

<mglt>Exactly. I apologize for not catching this.</mglt>

  12.  Need to mention the overlaps of the address types.

Yes, there are overlaps but I do not see why mentioning them helps.

<mglt>that was more for the selection.</mglt>

  13.  List the different address types in the same order in all sections to ease the reading.

I agree. Changing the order in section 3.3.

<mglt>ok, that was a nit.</mglt>

  14.  A comment about having the application request the minimal capability and the network automatically providing the next level if it cannot fulfill this minimal level.

This is a point we considered along with enabling applications to request several levels in parallel and letting the network select the most preferable one. After some evaluation, we decided that this flexibility is counter-productive and it is best to specify a specific service type, and expect it to either be fulfilled or have the request fail. This way, no ‘smart’ decisions are made automatically by the network. Remember however, that the application requests the service from the network stack, and the network stack requests it from the network. We do not provide any restrictions on the implementations of network stacks. Some could perform caching of network capabilities, and select to respond to applications without interacting with the network.

<mglt>ok.</mglt>

  15.  Another comment about the behavior of the API, assuming a request might not be fulfilled without resulting in an error response.

So, as I described previously, API requests that cannot be fulfilled exactly as specified result in an error response.

<mglt>got it.</mglt>

  16.  A question about the ON_NET flag.

Yes, your understanding is correct.

<mglt>😉</mglt>

  17.  Request an example with the ON_NET flag.

There could be other examples as well. There are all kinds of cases that could be presented. There is a trade-off between the size of an RFC and a text book. We thought it would be useful to provide an example of a non-trivial case and leave other cases to future text books and tutorials.

<mglt>agree</mglt>



  18.  OnDeman versus On Demand versus On-Demand. Be consistent.

I agree. Will be fixed.

<mglt>ok</mglt>

  19.  IP v6 versus IPv6. Be consistent.

I agree. Will be fixed.

<mglt>ok</mglt>

  20.  Describe the mechanism in which the address type is indicated by the network to the host.

Unfortunately I cannot. Such a mechanism does not exist at the moment. We are working on that as well.

<mglt>Not sure we should not mention that this is ongoing work, as well as possible directions.</mglt>

  21.  In section 5.2, need to describe how the new IP stack needs to behave when an application that does not support On-Demand initiates a network connection. ‘legacy manner’ is not a good description.

The next paragraph in this section does exactly that: it describes how the IP stack should interact with the network.

<mglt>ok. I believe what was unclear to me was that I expected legacy to include MIP nodes. </mglt>

  22.  Place the statement about networks supporting or not supporting On-Demand functionality in the introduction.

I prefer not to do that. I am trying to keep the Introduction short and crisp. Listing all use-cases, backwards compatibility and other details – for that we have the rest of the document. The ‘Introduction’ in my opinion should only provide information to help the reader decide whether it should continue reading the document or not.

<mglt>This is clear to me now.</mglt>

  23.  The description regarding the use-case of using both setsockopt() and setsc()/bind() is hard to read. Clarify.

OK. I will try to simplify it. By the way, your understanding is correct.

<mglt>That was a nit.</mglt>

  24.  A comment about the placement of the flags and address types.

I did not quite get this comment. I would like to clarify that we are providing the Socket API as an example to clarify the concept. We expect other standard bodies to use this document to specify the exact implementation in different programming languages.

<mglt>I envisioned that FLAGS are the standard way applications will use to communicate their need to the OS. This is not an IANA registry, but I would have expected to have the list defined in a header file.</mglt>

  25.  Security threats.

I would like some clarification about these threats. My understanding is that these threats are relevant to the protocol used by the mobile host (or specifically its IP stack) to interact with the network to convey the desired mobility service, and receive the granted service.

But this document does not define these protocols. It defines the On-Demand concept and the features needed by the API between applications and the network stack. Shouldn’t these threats be described in the specification of the protocol between the mobile host and network?



<mglt>I believe that the threats apply to the ability to request different types of addresses as well as to the information leaked by the IP address regarding the application. The protocol between the mobile host and the network will also have to mention some of these threats, but these are primarily associated with the ability to select some IP addresses with different functionalities.



More specifically,

The document describes how applications provide the OS with their
requirements in order to select the appropriate IP address. The
resources are associated with different costs. While the cost is primarily
on the operator side, it is likely that usage by the mobile node comes
with some restrictions, limitations or direct cost. Typically, some type
of IP address may be provided by the operator for a limited number of
bytes, beyond which the IP address type will not be available to the mobile
node or may be charged. A malicious application may use these
limitations to generate extra billing for the mobile node or to prevent
the usage of some applications by exhausting the expected type of IP
address.

    <mglt>I believe the threat here is that a malicious application can select an IP address with more expensive categories. This seems to me related to the On-Demand concept. Do you think otherwise?</mglt>

In order to prevent such a scenario, the mobile node SHOULD be able to
authorize specific IP address types to privileged applications.

With these new types of IP addresses, the IP address leaks some
connectivity requirements of the application. This also means that
additional information is provided to the destination, which could reveal
to a passive monitoring attacker some information such as the type of
application, and the application itself, even though the packet is
protected by IPsec or TLS.

    <mglt>I believe the threat here is that IP addresses do not only carry information about the destination but also about the functionalities expected by the application. This seems to me related to the On-Demand concept. Do you think otherwise?</mglt>


To avoid profiling an application according to the type of IP addresses,
it is expected that prefixes provided by the operator are associated with
various types of addresses over time. As a result, the type of address
could not be associated with the prefix, making application profiling
based on the type of address harder.
Applications using multiple types of IP addresses to avoid being profiled
are likely to create some patterns, so that remains a hard problem to
solve for the application.

The usage of a fixed IP address enables tracking the mobile node, or
its applications, over time. This is a similar problem to the one
encountered with public IP addresses. The usage of fixed IP
addresses should be limited.

    <mglt>I believe the threat here is related to the selection of a fixed IP address. This seems to me related to the On-Demand concept in the sense that if you can deal with non-persistent addresses, that may be better.</mglt>


To limit the effect of IP tracking, the application or the OS should
ensure that IP addresses regularly change, to limit IP tracking by a
passive observer.  The application should regularly set the On Demand
flag. The application should be able to ensure that session-lasting IP
addresses are regularly changed, for example by setting a lifetime handled
by the application. In addition, the application should consider the use
of graceful-replacement IP addresses.

Similarly, the OS may also associate IP addresses with a lifetime. Upon
receiving a request for a given type of IP address, after some time, the
OS should request a new address from the network even if it already has
one IP address available with the requested type. This includes any type
of IP address. Addresses of type graceful-replacement or non-persistent
should be regularly renewed by the OS.

The lifetime of an IP address may be expressed in number of seconds or
in number of bytes sent through this IP address.

Session-lasting IP addresses could be used to avoid tracking and should be
preferred. However, there should be a way to specify whether the IP address
lasts one session or can last multiple sessions.
</mglt>

One additional nit: // LAsting source IP address
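The two OS-side mitigations proposed in the <mglt> block above (the mobile node authorizing address types per application, and addresses carrying a lifetime in seconds or bytes so that the stack requests a fresh one even while it still holds an address of the requested type) can be modelled in code. The following Python is an added example, not text from the thread or the draft; AddressType, Lifetime, OnDemandStack, the per-application policy table and the 2001:db8:: sample addresses are constructed assumptions.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Callable, Dict, Optional


class AddressType(Enum):
    """The four address types the draft defines (section 3.1)."""
    FIXED = "fixed"
    SESSION_LASTING = "session-lasting"
    NON_PERSISTENT = "non-persistent"
    GRACEFUL_REPLACEMENT = "graceful-replacement"


@dataclass
class Lifetime:
    max_seconds: Optional[float] = None   # hypothetical bound in seconds; None = unbounded
    max_bytes: Optional[int] = None       # hypothetical bound in bytes sent; None = unbounded


@dataclass
class LeasedAddress:
    """An address the stack obtained from the network for one (app, type) pair."""
    address: str
    issued_at: float
    bytes_sent: int = 0

    def expired(self, now: float, lifetime: Lifetime) -> bool:
        return ((lifetime.max_seconds is not None and now - self.issued_at >= lifetime.max_seconds)
                or (lifetime.max_bytes is not None and self.bytes_sent >= lifetime.max_bytes))


class NotAuthorized(PermissionError):
    """Raised when an application requests an address type it may not use."""


class OnDemandStack:
    """Hypothetical IP stack between applications and the proxy mobile network."""

    def __init__(self, allowed, lifetimes, network):
        self._allowed = allowed        # app id -> set of AddressType it may request
        self._lifetimes = lifetimes    # AddressType -> Lifetime renewal policy
        self._network = network        # callable(AddressType) -> fresh address string
        self._leases = {}              # (app id, AddressType) -> LeasedAddress
        self.network_requests = 0      # how often the network was consulted

    def request(self, app: str, addr_type: AddressType, now: float) -> str:
        # Authorization: costly or tracking-prone types only for privileged apps.
        if addr_type not in self._allowed.get(app, set()):
            raise NotAuthorized(f"{app} may not request {addr_type.value}")
        lease = self._leases.get((app, addr_type))
        # Renew when no lease exists or its lifetime (time or bytes) is exhausted,
        # even though an address of the requested type is already held.
        if lease is None or lease.expired(now, self._lifetimes.get(addr_type, Lifetime())):
            lease = self._leases[(app, addr_type)] = LeasedAddress(self._network(addr_type), now)
            self.network_requests += 1
        return lease.address

    def send(self, app: str, addr_type: AddressType, nbytes: int) -> None:
        self._leases[(app, addr_type)].bytes_sent += nbytes   # feeds byte-based lifetimes


def make_network() -> Callable[[AddressType], str]:
    """Constructed stand-in for the network: sequential 2001:db8:: addresses."""
    counter = {"n": 0}
    def allocate(_addr_type: AddressType) -> str:
        counter["n"] += 1
        return f"2001:db8::{counter['n']:x}"
    return allocate


def demo() -> Dict[str, object]:
    """Walk through the review's scenarios; all policy values are constructed."""
    allowed = {
        "browser": {AddressType.NON_PERSISTENT, AddressType.SESSION_LASTING},
        "messaging": {AddressType.NON_PERSISTENT},
        "push-server": {AddressType.FIXED, AddressType.SESSION_LASTING},
    }
    lifetimes = {
        AddressType.FIXED: Lifetime(),                      # unbounded: use sparingly
        AddressType.SESSION_LASTING: Lifetime(max_seconds=600),
        AddressType.NON_PERSISTENT: Lifetime(max_seconds=60, max_bytes=1_000_000),
    }
    stack = OnDemandStack(allowed, lifetimes, make_network())
    out: Dict[str, object] = {}
    try:  # 1. an unprivileged app asking for a fixed (costly, trackable) address
        stack.request("messaging", AddressType.FIXED, now=0.0)
        out["fixed_refused"] = False
    except NotAuthorized:
        out["fixed_refused"] = True
    a1 = stack.request("browser", AddressType.NON_PERSISTENT, now=0.0)
    a2 = stack.request("browser", AddressType.NON_PERSISTENT, now=30.0)
    out["reused_within_lifetime"] = a1 == a2   # 2. cached, no network round trip
    a3 = stack.request("browser", AddressType.NON_PERSISTENT, now=61.0)
    out["rotated_after_seconds"] = a3 != a2    # 3. time bound forces a new address
    stack.send("browser", AddressType.NON_PERSISTENT, 1_000_000)
    a4 = stack.request("browser", AddressType.NON_PERSISTENT, now=62.0)
    out["rotated_after_bytes"] = a4 != a3      # 4. byte bound forces a new address
    out["network_requests"] = stack.network_requests
    return out
```

Running demo() shows the refusal, the cached reuse, and two forced renewals (three network requests in total); a real stack would additionally tie the policy table to the platform's application identity and permission model.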

-----Original Message-----
From: dmm [mailto:dmm-bounces@ietf.org] On Behalf Of Daniel Migault
Sent: Wednesday, January 16, 2019 04:57
To: secdir@ietf.org
Cc: draft-ietf-dmm-ondemand-mobility.all@ietf.org; ietf@ietf.org; dmm@ietf.org
Subject: [DMM] Secdir last call review of draft-ietf-dmm-ondemand-mobility-15



Reviewer: Daniel Migault

Review result: Not Ready



Hi,



I am the assigned Secdir reviewer for this draft. The Security Directorate (Secdir) reviews all IETF documents being processed by the IESG for the IETF Chair. Please treat these comments just like any other last call comments.



Yours,

Daniel



                     On Demand Mobility Management
                  draft-ietf-dmm-ondemand-mobility-15

Abstract

   Applications differ with respect to whether they need session
   continuity and/or IP address reachability.  The network providing the
   same type of service to any mobile host and any application running
   on the host yields inefficiencies.

<mglt>

"inefficiencies" seems too vague to me and it could be clarified.

Reading the abstract, it is unclear (to me) if the issue is on the application side or the network operator side. I guess this is the network side. It is also unclear the nature of the inefficiency.

</mglt>



   This document describes a
   solution for taking the application needs into account by selectively
   providing session continuity and IP address reachability on a per-
   socket basis.



Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on January 27, 2019.



Copyright Notice

   Copyright (c) 2018 IETF Trust and the persons identified as the
   document authors.  All rights reserved.



Yegin, et al.           Expires January 27, 2019                [Page 1]

Internet-Draft             On Demand Mobility                  July 2018

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.



Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
   2.  Notational Conventions  . . . . . . . . . . . . . . . . . . .   4
   3.  Solution  . . . . . . . . . . . . . . . . . . . . . . . . . .   4
     3.1.  Types of IP Addresses . . . . . . . . . . . . . . . . . .   4
     3.2.  Granularity of Selection  . . . . . . . . . . . . . . . .   6
     3.3.  On Demand Nature  . . . . . . . . . . . . . . . . . . . .   6
     3.4.  Conveying the Desired Address Type  . . . . . . . . . . .   7
   4.  Usage example . . . . . . . . . . . . . . . . . . . . . . . .   8
     4.1.  Pseudo-code example . . . . . . . . . . . . . . . . . . .   8
     4.2.  Message Flow example  . . . . . . . . . . . . . . . . . .  10
   5.  Backwards Compatibility Considerations  . . . . . . . . . . .  11
     5.1.  Applications  . . . . . . . . . . . . . . . . . . . . . .  11
     5.2.  IP Stack in the Mobile Host . . . . . . . . . . . . . . .  12
     5.3.  Network Infrastructure  . . . . . . . . . . . . . . . . .  12
     5.4.  Merging this work with RFC5014  . . . . . . . . . . . . .  12
   6.  Summary of New Definitions  . . . . . . . . . . . . . . . . .  13
     6.1.  New APIs  . . . . . . . . . . . . . . . . . . . . . . . .  13
     6.2.  New Flags . . . . . . . . . . . . . . . . . . . . . . . .  13
   7.  Security Considerations . . . . . . . . . . . . . . . . . . .  14
   8.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .  14
   9.  Contributors  . . . . . . . . . . . . . . . . . . . . . . . .  14
   10. Acknowledgements  . . . . . . . . . . . . . . . . . . . . . .  14
   11. References  . . . . . . . . . . . . . . . . . . . . . . . . .  14
     11.1.  Normative References . . . . . . . . . . . . . . . . . .  15
     11.2.  Informative References . . . . . . . . . . . . . . . . .  15
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  16



1.  Introduction



   In the context of Mobile IP [RFC5563][RFC6275][RFC5213][RFC5944], the

   following two attributes are defined for IP service provided to

   mobile hosts:



   Session continuity: The ability to maintain an ongoing transport
   interaction by keeping the same local end-point IP address throughout
   the life-time of the IP socket despite the mobile host changing its
   point of attachment within the IP network topology.  The IP address
   of the host may change after closing the IP socket and before opening
   a new one, but that does not jeopardize the ability of applications
   using these IP sockets to work flawlessly.  Session continuity is
   essential for mobile hosts to maintain ongoing flows without any
   interruption.



<mglt>
Session continuity can be provided at multiple layers, thus I would recommend for clarity to change session continuity to IP session continuity and insist that this is being provided at the IP layer.

Note that IP is sessionless, so here session seems similar to reachability but 'orchestrated' by a higher session protocol.
The difference I see is that reachability is a commitment (by the ISP) for not changing the IP address while with session continuity the commitment is related to the use of the IP address. In other words, with a limited period of time.
</mglt>



   IP address reachability: The ability to maintain the same IP address

   for an extended period of time.  The IP address stays the same across

   independent sessions, and even in the absence of any session.  The IP

   address may be published in a long-term registry (e.g., DNS), and is

   made available for serving incoming (e.g., TCP) connections.  IP

   address reachability is essential for mobile hosts to use specific/

   published IP addresses.



   Mobile IP is designed to provide both session continuity and IP

   address reachability to mobile hosts.  Architectures utilizing these

   protocols (e.g., 3GPP, 3GPP2, WIMAX) ensure that any mobile host

   attached to the compliant networks can enjoy these benefits.  Any

   application running on these mobile hosts is subjected to the same

   treatment with respect to session continuity and IP address

   reachability.



<mglt>

My understanding of the text is that Mobile IP is expensive to deploy and I believe it would be easier for the reader to state it here before developing all mechanisms that have been designed to overcome session continuity in a different way. Thus I would put the following text right

here:

   Achieving session continuity and IP address reachability with Mobile

   IP incurs some cost.  Mobile IP protocol forces the mobile host's IP

   traffic to traverse a centrally-located router (Home Agent, HA),

   which incurs additional transmission latency and use of additional

   network resources, adds to the network CAPEX and OPEX, and decreases

   the reliability of the network due to the introduction of a single

   point of failure [RFC7333].  Therefore, session continuity and IP

   address reachability SHOULD be provided only when necessary.

</mglt>



   It should be noted that in reality not every application may need

   these benefits.  IP address reachability is required for applications

   running as servers (e.g., a web server running on the mobile host).

   But, a typical client application (e.g., web browser) does not

   necessarily require IP address reachability.  Similarly, session

   continuity is not required for all types of applications either.

   Applications performing brief communication (e.g., ping) can survive

   without having session continuity support.



<mglt>
I believe that session continuity is the main motivation of the draft.
Mentioning ping as an example is counter productive as I doubt this is the target application of the draft. Thus citing an application no one really wants could mean that we have not found any other application that does not need session continuity, which could be interpreted as every application needs session continuity at the IP layer. This is not the intention of the text, so we should find another example.

Well I think reachability and session continuity are two different features. Applications may only need one of these features, not both. In addition, applications can provide these features at the IP layer or using other mechanisms. As a result the use of Mobile IP is limited to applications that need both features performed at the IP layer, which only concerns a small fraction of applications.

Reading the text above seems to take for granted that reachability is performed only at the IP layer. Splitting the feature versus its implementation should be done in a similar manner for both session continuity and reachability to ease the reading.
</mglt>



   Achieving session continuity and IP address reachability with Mobile

   IP incurs some cost.  Mobile IP protocol forces the mobile host's IP

   traffic to traverse a centrally-located router (Home Agent, HA),

   which incurs additional transmission latency and use of additional

   network resources, adds to the network CAPEX and OPEX, and decreases

   the reliability of the network due to the introduction of a single

   point of failure [RFC7333].  Therefore, session continuity and IP

   address reachability SHOULD be provided only when necessary.



<mglt>

This section should be moved up. Here it is splitting the discussion on session continuity and reachability, which is confusing.

</mglt>



   Furthermore, when an application needs session continuity, it may be

   able to satisfy that need by using a solution above the IP layer,

   such as MPTCP [RFC6824], SIP mobility [RFC3261], or an application-

   layer mobility solution.  These higher-layer solutions are not

   subject to the same issues that arise with the use of Mobile IP since

   they can utilize the most direct data path between the end-points.

   But, if Mobile IP is being applied to the mobile host, the higher-
   layer protocols are rendered useless because their operation is
   inhibited by Mobile IP.  Since Mobile IP ensures that the IP address
   of the mobile host remains fixed (despite the location and movement
   of the mobile host), the higher-layer protocols never detect the IP-
   layer change and never engage in mobility management.



<mglt>

The same paragraph should say the reachability can be performed by application using other means than IP reachability.

</mglt>



   This document proposes a solution for applications running on mobile

   hosts to indicate whether they need session continuity or IP address

   reachability.  The network protocol stack on the mobile host, in

   conjunction with the network infrastructure, provides the required

   type of service.



<mglt>

I assume that session continuity is only understood as IP session continuity and not the transport layer.

</mglt>



   It is for the benefit of both the users and the

   network operators not to engage an extra level of service unless it

   is absolutely necessary.  It is expected that applications and

   networks compliant with this specification will utilize this solution

   to use network resources more efficiently.



<mglt>
The introduction should also position its work regarding RFC 5014. At this point it is not clear why the recommendations could not be such as:
* when IP session reachability only is required the application indicates a preference for Public IP addresses
* when IP session continuity is needed the application sends a preference for home address.
* when none is required the application sends a preference for care-of address.
</mglt>



<mglt>

While on demand is mentioned in the title, it does not appear in the introduction. I believe the introduction should expose why there is a need to have this feature.

</mglt>



2.  Notational Conventions



   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",

   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this

   document are to be interpreted as described in [RFC2119].



3.  Solution



3.1.  Types of IP Addresses



   Four types of IP addresses are defined with respect to mobility

   management.



   - Fixed IP Address



   A Fixed IP address is an address with a guarantee to be valid for a

   very long time, regardless of whether it is being used in any packet

   to/from the mobile host, or whether or not the mobile host is

   connected to the network, or whether it moves from one point-of-

   attachment to another (with a different IP prefix) while it is

   connected.



<mglt>
Though English is not my first language, "guarantee" sounds a bit inappropriate. I might be wrong but the following text seems clearer to
me:

OLD:
A Fixed IP address is an address with a guarantee to be valid for a
   very long time

NEW:
A Fixed IP address is an address that remains valid for a
   very long time

</mglt>



   Fixed IP addresses are required by applications that need both

   session continuity and IP address reachability.



<mglt>

I think the document should clarify how this is different from a public address 5014.

</mglt>



   - Session-lasting IP Address



   A session-lasting IP address is an address with a guarantee to be

   valid throughout the life-time of the socket(s) for which it was

   requested.  It is guaranteed to be valid even after the mobile host

   had moved from one point-of-attachment to another (with a different

   IP prefix).



<mglt>

Similarly I would propose the following text:



OLD:

  A session-lasting IP address is an address with a guarantee to be

   valid throughout the life-time of the socket(s)



NEW:

  A session-lasting IP address is an address

   valid throughout the life-time of the socket(s)



OLD:

It is guaranteed to be valid even after



NEW:

It remains valid even after

</mglt>






   Session-lasting IP addresses are required by applications that need

   session continuity but do not need IP address reachability.



<mglt>
Home address provides IP reachability, but it is unclear if IP session continuity can be provided by other mechanisms than Mobile IP.
If that were the case, it would be good to specify how this could be provided without IP reachability.
</mglt>



   - Non-persistent IP Address



   This type of IP address has no guarantee to exist after a mobile host

   moves from one point-of-attachment to another, and therefore, no

   session continuity nor IP address reachability are provided.  The IP

   address is created from an IP prefix that is obtained from the

   serving IP gateway and is not maintained across gateway changes.  In

   other words, the IP prefix may be released and replaced by a new one

   when the IP gateway changes due to the movement of the mobile host

   forcing the creation of a new source IP address with the updated

   allocated IP prefix.



<mglt>
It would be good to position this toward the care-of address.
</mglt>



   - Graceful Replacement IP Address



   In some cases, the network cannot guarantee the validity of the

   provided IP prefix throughout the duration of the opened socket, but

   can provide a limited graceful period of time in which both the

   original IP prefix and a new one are valid.  This enables the

   application some flexibility in the transition from the existing

   source IP address to the new one.



   This gracefulness is still better than the non-persistence type of

   address for applications that can handle a change in their source IP

   address but require that extra flexibility.



<mglt>

The classes defined above have overlaps. I believe that we have:

Fixed IP Address \in Session-lasting IP Address \in Graceful Replacement IP Address \in Non-persistent IP Address



I think that should be stated in the section.



</mglt>



   Applications running as servers at a published IP address require a

   Fixed IP Address.  Long-standing applications (e.g., an SSH session)

   may also require this type of address.  Enterprise applications that

   connect to an enterprise network via virtual LAN require a Fixed IP

   Address.



   Applications with short-lived transient sessions can use Session-

   lasting IP Addresses.  For example: Web browsers.



   Applications with very short sessions, such as DNS clients and

   instant messengers, can utilize Non-persistent IP Addresses.  Even

   though they could very well use Fixed or Session-lasting IP

   Addresses, the transmission latency would be minimized when Non-
   persistent IP Addresses are used.



   Applications that can tolerate a short interruption in connectivity

   can use the Graceful-replacement IP addresses.  For example, a

   streaming client that has buffering capabilities.






3.2.  Granularity of Selection



   IP address type selection is made on a per-socket granularity.

   Different parts of the same application may have different needs.

   For example, the control-plane of an application may require a Fixed

   IP Address in order to stay reachable, whereas the data-plane of the

   same application may be satisfied with a Session-lasting IP Address.



3.3.  On Demand Nature



   At any point in time, a mobile host may have a combination of IP

   addresses configured.  Zero or more Non-persistent, zero or more

   Session-lasting, zero or more Fixed and zero or more Graceful-

   Replacement IP addresses may be configured by the IP stack of the

   host.  The combination may be as a result of the host policy,

   application demand, or a mix of the two.



<mglt>

Listing the different classes in the same order as the one of the definitions may ease the reading.

</mglt>



   When an application requires a specific type of IP address and such

   an address is not already configured on the host, the IP stack SHALL

   attempt to configure one.  For example, a host may not always have a

   Session-lasting IP address available.  When an application requests

   one, the IP stack SHALL make an attempt to configure one by issuing a

   request to the network (see Section 3.4 below for more details).  If

   the operation fails, the IP stack SHALL fail the associated socket

   request and return an error.  If successful, a Session-lasting IP

   Address gets configured on the mobile host.  If another socket

   requests a Session-lasting IP address at a later time, the same IP

   address may be served to that socket as well.  When the last socket

   using the same configured IP address is closed, the IP address may be

   released or kept for future applications that may be launched and

   require a Session-lasting IP address.



<mglt>
I suspect the application is expected to request the type of IP with minimal capabilities. In some cases the OS may not have the requested type of address but may have another type of address that could fulfill the application requirements. I believe the text should specify what should be done in this situation. I suppose the text will say that the host sends a request to the network.

However, I suspect that allowing the OS to return higher capabilities would encourage the applications to send a minimal level of expectation so as to maximize the probability of avoiding an interaction between the host and the network to request the specific type of IP address.
</mglt>



   In some cases it might be preferable for the mobile host to request a

   new Session-lasting IP address for a new opening of an IP socket

   (even though one was already assigned to the mobile host by the

   network and might be in use in different, already active IP
   sockets).  It is outside the scope of this specification to define

   criteria for choosing to use available addresses or choosing to

   request new ones.  It supports both alternatives (and any

   combination).



   It is outside the scope of this specification to define how the host

   requests a specific type of prefix and how the network indicates the

   type of prefix in its advertisement or in its reply to a request.



   The following are matters of policy, which may be dictated by the

   host itself, the network operator, or the system architecture

   standard:






   - The initial set of IP addresses configured on the host at boot

   time.



   - Permission to grant various types of IP addresses to a requesting

   application.



   - Determination of a default address type when an application does

   not make any explicit indication, whether it already supports the

   required API or it is just a legacy application.



3.4.  Conveying the Desired Address Type



   [RFC5014] introduced the ability of applications to influence the

   source address selection with the IPV6_ADDR_PREFERENCE option at the

   IPPROTO_IPV6 level.  This option is used with setsockopt() and

   getsockopt() calls to set/get address selection preferences.



   Extending this further by adding more flags does not work when a

   request for an address of a certain type results in requiring the IP

   stack to wait for the network to provide the desired source IP prefix

   and hence causing the setsockopt() call to block until the prefix is

   allocated (or an error indication from the network is received).



<mglt>
One thing is the value of the flags, another thing is the behaviour of the API. So I understand that the new API provides more flexibility in the sense that a requirement that cannot be fulfilled does not necessarily end up in an error. Instead it can lead to an IP address that does not fulfill the application requirement. If that is correct, this is still something the application will have to deal with. In one case, it will need to deal with an error, in the other case, with something that does not fulfill the requirements. If that is correct, I believe the benefit of it should be highlighted.
</mglt>



   Alternatively a new socket API is defined - getsc() which allows

   applications to express their desired type of session continuity

   service.  The new getsc() API will return an IPv6 address that is

   associated with the desired session continuity service and with

   status information indicating whether or not the desired service was

   provided.



   An application that wishes to secure a desired service will call

   getsc() with the service type definition and a place to contain the

   provided IP address, and call bind() to associate that IP address

   with the socket (See pseudo-code example in Section 4 below).



   When the IP stack is required to use a source IP address of a

   specified type, it can use an existing address, or request a new IP

   prefix (of the same type) from the network and create a new one.  If

   the host does not already have an IPv6 prefix of that specific type,

   it MUST request one from the network.



   Using an existing address from an existing prefix is faster but might

   yield a less optimal route (if a hand-off event occurred after its

   configuration).  On the other hand, acquiring a new IP prefix from

   the network may be slower due to signaling exchange with the network.



   Applications can control the stack's operation by setting a new flag
   - ON_NET flag - which directs the IP stack whether to use a
   preconfigured source IP address (if exists) or to request a new IPv6
   prefix from the current serving network and configure a new IP
   address.



   This new flag is added to the set of flags in the

   IPV6_ADDR_PREFERENCES option at the IPPROTO_IPV6 level.  It is used

   in setsockopt() to set the desired behavior.



<mglt>
My understanding of the flag is that it forces the OS to request the network. This means that even if it already has the desired IP address the ON_NET flag set will force the OS to re-ask. When unset, the decision to re-ask or not is left to the OS. Is that correct?
</mglt>



4.  Usage example



4.1.  Pseudo-code example



<mglt>
It would be good if the example also showed the ON_NET flag.
</mglt>



   The following example shows pseudo-code for creating a Stream socket

   (TCP) with a Session-Lasting source IP address:



   #include <sys/socket.h>
   #include <netinet/in.h>    // was <netinnet/in.h> (typo)
   #include <arpa/inet.h>     // htons()
   #include <stdint.h>        // uint8_t
   #include <string.h>        // memset()

     // Socket information
   int                  s ;             // socket id

     // Source information (for setsc() and bind())
   struct sockaddr_in6  sourceInfo ;    // my address and port for bind()
   struct in6_addr      sourceAddress ; // will contain the provisioned
                                        // source IP address
   uint8_t              sc_type = IPV6_REQUIRE_SESSION_LASTING_IP ;
                                        // For requesting a Session-Lasting
                                        // source IP address

     // Destination information (for connect())
   struct sockaddr_in6  serverInfo ;    // server info for connect()

     // Create an IPv6 TCP socket
   s = socket(AF_INET6, SOCK_STREAM, 0) ;
   if (s < 0) {                         // socket() returns -1 on failure
         // Handle socket creation error
         // ...
   } // if socket creation failed
   else {
          // Socket creation is successful
          // The application cannot connect yet, since it wants to use
          // a Session-Lasting source IP address. It needs to request
          // the Session-Lasting source IP before connecting
          // (setsc() takes the type by value, as defined in Section 6.1)
        if (setsc(s, &sourceAddress, sc_type) == 0) {
             // setting session continuity to Session Lasting is
             // Successful. sourceAddress now contains the Session-
             // LAsting source IP address <mglt>s/LAsting/Lasting/gc</mglt>

             // Bind to that source IP address
           memset(&sourceInfo, 0, sizeof(sourceInfo)) ;
           sourceInfo.sin6_family = AF_INET6 ;
           sourceInfo.sin6_port = 0 ;       // let the stack choose the port
           sourceInfo.sin6_addr = sourceAddress ;
                                   // Use the source address that was
                                   // generated by the setsc() call
           if (bind(s, (struct sockaddr *)&sourceInfo, sizeof(sourceInfo)) == 0) {
                // Set the desired server's information for connect()
              memset(&serverInfo, 0, sizeof(serverInfo)) ;
              serverInfo.sin6_family = AF_INET6 ;
              serverInfo.sin6_port = htons(SERVER_PORT_NUM) ; // network byte order
              serverInfo.sin6_addr = SERVER_IPV6_ADDRESS ;

                // Connect to the server
              if (connect(s, (struct sockaddr *)&serverInfo, sizeof(serverInfo)) == 0) {
                  // connect successful (3-way handshake has been
                  // completed with Session-Lasting source address).
                  // Continue application functionality
                  // ...
              }  // if connect() is successful
              else {
                  // connect failed
                  // ...
                  // Application code that handles connect failure and
                  // closes the socket
                  // ...
              } // if connect() failed
           } // if bind() successful
           else {
                  // bind() failed
                  // ...
                  // Application code that handles bind failure and
                  // closes the socket
                  // ...
           } // if bind() failed
        }  // if setsc() was successful and a Session-Lasting
           // source IP address was provided
        else {
             // application code that does not use Session-lasting IP
             // address. The application may either connect without
             // the desired Session-lasting service, or close the
             // socket...
        } // if setsc() failed
   }  // if socket was created successfully

     // The rest of the application's code
     // ...






4.2.  Message Flow example



   The following message flow illustrates a possible interaction for

   achieving OnDemand functionality.  It is an example of one scenario

   and should not be regarded as the only scenario or the preferred one.



<mglt>OnDemand versus On Demand versus On-Demand. The text should be consistent. </mglt>

   This flow describes the interaction between the following entities:



   - Applications requiring different types of OnDemand service.



   - The mobile host's IP stack.



   - The network infrastructure providing the services.



   In this example, the network infrastructure provides 2 IPv6 prefixes

   upon attachment of the mobile host to the network: A Session-lasting

   IPv6 prefix and a Non-persistent IPv6 prefix.  Whenever the mobile

   host moves to a different point-of-attachment, the network

   infrastructure provides a new Non-persistent IPv6 address.



   In this example, the network infrastructure does not support Fixed IP

   addresses nor Graceful-replacement IP addresses.



   Whenever an application opens an IP socket and requests a specific

   IPv6 address type, the IP stack will provide one from its available

   IPv6 prefixes or return an error message if the request cannot be

   fulfilled.



   Message Flow:



   - The mobile device attaches to the network.



   - The Network provides two IPv6 prefixes: PREFsl1 - a Session-lasting

   IPv6 prefix and PREFnp1 - a Non-persistent IP v6 prefix.



<mglt>IP v6/IPv6/gc</mglt>

<mglt>It would ease the reading if the mechanism used by the operator to specify the type of the address to the host were described - at least with an example.
</mglt>



   - An application on the mobile host is launched.  It opens an IP

   socket and requests a Non-persistent IPv6 address.



   - The IP stack provides IPnp1 which is generated from PREFnp1.



   - Another application is launched, requesting a Non-persistent IPv6

   address.



   - The IP stack provides IPnp1 again.



   - A third application is launched.  This time, it requires a Session-

   lasting IPv6 address.



<mglt>second ?</mglt>






   - The IP stack provides IPsl1 which is generated from PREFsl1.



   - The mobile host moves to a new point-of-attachment.



   - The network provides a new Non-persistent IPv6 prefix - PREFnp2.

   PREFnp1 is no longer valid.



   - The applications that were given IPnp1 re-establish the socket and

   receive a new IPv6 address - IPnp2 which is generated from PREFnp2



   - The application that is using IPsl1 can still use it since the

   network guaranteed that PREFsl1 will be valid even after moving to a

   new point-of-attachment.



   - A new application is launched, this time requiring a Graceful-

   replacement IPv6 address.



   - The IP stack returns setsc() with an error since the network does

   not support this service.



  - The application re-attempts to open a socket, this time requesting

   a Session-lasting IPv6 address.



   - The IP stack provides IPsl1.
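The following is an added example, not part of the draft or of this review: a user-space C model of the mobile host's IP stack as Sections 3.3 and 3.4 describe it, replayed against the Section 4.2 message flow. A request is served from a valid prefix of exactly the requested type, otherwise a prefix of that type is requested from the network, and the request fails when the network does not support the type. The stack, network, prefix naming scheme and numeric type values are constructed here; setsc() is the draft's proposed API rather than an existing system call, so its stack-side behaviour is simulated by stack_setsc().

```c
#include <stdio.h>
#include <string.h>
/* Address types of Section 3.1; the numeric values are constructed for
 * this model and are not the encoding the draft assigns in Section 6.1. */
enum sc_type { SC_FIXED = 1, SC_SESSION_LASTING, SC_NON_PERSISTENT, SC_GRACEFUL_REPLACEMENT };
static const char *const sc_tag[] = { "", "fx", "sl", "np", "gr" };
#define MAX_PREFIXES 8
struct prefix {
    enum sc_type type;
    char name[16];   /* "PREFsl1", "PREFnp1", ... as named in Section 4.2 */
    int valid;       /* cleared when the serving gateway changes */
};
/* Network infrastructure: the types it can allocate, plus counters for naming */
struct network {
    unsigned supported;   /* bitmask of (1u << sc_type) */
    int sl_seq, np_seq;
};
struct ip_stack {
    struct network *net;
    struct prefix prefixes[MAX_PREFIXES];
    int n;
};

/* Network side: allocate a prefix of the requested type, or refuse. */
static int net_allocate(struct network *net, enum sc_type t, struct prefix *out)
{
    int seq = 1;
    if (!(net->supported & (1u << t)))
        return -1;
    if (t == SC_SESSION_LASTING) seq = ++net->sl_seq;
    if (t == SC_NON_PERSISTENT)  seq = ++net->np_seq;
    out->type = t;
    out->valid = 1;
    snprintf(out->name, sizeof out->name, "PREF%s%d", sc_tag[t], seq);
    return 0;
}

/* Host side: ask the network for a prefix and record it if granted. */
static int stack_add_prefix(struct ip_stack *st, enum sc_type t)
{
    if (st->n == MAX_PREFIXES ||
        net_allocate(st->net, t, &st->prefixes[st->n]) != 0)
        return -1;
    st->n++;
    return 0;
}

/* Attachment: in Section 4.2 the network provides one SL and one NP prefix. */
void stack_attach(struct ip_stack *st, struct network *net)
{
    memset(st, 0, sizeof *st);
    st->net = net;
    stack_add_prefix(st, SC_SESSION_LASTING);
    stack_add_prefix(st, SC_NON_PERSISTENT);
}

/* Hand-off: NP prefixes are not maintained across gateway changes, SL ones
 * stay valid, and the network provides a fresh NP prefix. */
void stack_move(struct ip_stack *st)
{
    for (int i = 0; i < st->n; i++)
        if (st->prefixes[i].type == SC_NON_PERSISTENT)
            st->prefixes[i].valid = 0;
    stack_add_prefix(st, SC_NON_PERSISTENT);
}

/* Simulated setsc(): serve an address of exactly the requested type from a
 * valid prefix, else request one from the network (Section 3.3) and fail
 * if it cannot provide one. Returns 0 and fills addr, or -1 on error. */
int stack_setsc(struct ip_stack *st, enum sc_type t, char *addr, size_t len)
{
    int i;
    for (i = 0; i < st->n; i++)
        if (st->prefixes[i].valid && st->prefixes[i].type == t)
            break;
    if (i == st->n) {
        if (stack_add_prefix(st, t) != 0)
            return -1;            /* e.g. Graceful-replacement unsupported */
        i = st->n - 1;
    }
    /* "IPnp1 which is generated from PREFnp1": derive the address name */
    snprintf(addr, len, "IP%s", st->prefixes[i].name + 4);
    return 0;
}

int main(void)
{
    struct network net = { (1u << SC_SESSION_LASTING) | (1u << SC_NON_PERSISTENT), 0, 0 };
    struct ip_stack st;
    char a[32];
    stack_attach(&st, &net);
    printf("NP: %s\n", stack_setsc(&st, SC_NON_PERSISTENT, a, sizeof a) == 0 ? a : "error");
    stack_move(&st);
    printf("NP after move: %s\n", stack_setsc(&st, SC_NON_PERSISTENT, a, sizeof a) == 0 ? a : "error");
    printf("GR: %s\n", stack_setsc(&st, SC_GRACEFUL_REPLACEMENT, a, sizeof a) == 0 ? a : "error");
    return 0;
}
```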



5.  Backwards Compatibility Considerations



   Backwards compatibility support is REQUIRED by the following 3 types

   of entities:



   - The Applications on the mobile host



   - The IP stack in the mobile host



   - The network infrastructure



5.1.  Applications



   Legacy applications that do not support the OnDemand functionality

   will use the legacy API and will not be able to take advantage of the

   On-Demand Mobility feature.



   Applications using the new OnDemand functionality MUST be aware that

   they may be executed in legacy environments that do not support it.

   Such environments may include a legacy IP stack on the mobile host,

   legacy network infrastructure, or both.  In either case, the API will

   return an error code and the invoking applications may just give up

   and use legacy calls.






5.2.  IP Stack in the Mobile Host



   New IP stacks MUST continue to support all legacy operations.  If an

   application does not use On-Demand functionality, the IP stack MUST

   respond in a legacy manner.



<mglt>
The legacy manner does not seem to be a standard way of behaving. It seems to me to be the way the OS used to behave. I believe the draft should be a bit more specific here.
</mglt>



   If the network infrastructure supports On-Demand functionality, the

   IP stack SHOULD follow the application request: If the application

   requests a specific address type, the stack SHOULD forward this

   request to the network.  If the application does not request an

   address type, the IP stack MUST NOT request an address type and leave

   it to the network's default behavior to choose the type of the

   allocated IP prefix.  If an IP prefix was already allocated to the

   host, the IP stack uses it and may not request a new one from the

   network.



5.3.  Network Infrastructure



   The network infrastructure may or may not support the On-Demand

   functionality.  How the IP stack on the host and the network

   infrastructure behave in case of a compatibility issue is outside the

   scope of this API specification.



<mglt>
I believe that such a statement should be made in the introduction with the addition of a list of potential mechanisms to provide the type of IP addresses by the network. There is a need to have such mechanisms since the OS cannot derive the properties from the IP address itself. Which was the case with home address, care-of address, CGA....
</mglt>



5.4.  Merging this work with RFC5014



   [RFC5014] defines new flags that may be used with setsockopt() to

   influence source IP address selection for a socket.  The list of

   flags include: source home address, care-of address, temporary

   address, public address CGA (Cryptographically Created Address) and

   non-CGA.  When applications require session continuity service and

   use setsc() and bind(), they SHOULD NOT set the flags specified in

   [RFC5014].



   However, if an application sets a specific option using setsockopt()

   with one of the flags specified in [RFC5014] and also selects a

   source IP address using setsc() and bind() the IP address that was

   generated by setsc() and bound using bind() will be the one used by

   traffic generated using that socket and options set by setsockopt()

   will be ignored.



<mglt>The sentence above is hard to read, at least to me. I suspect "the" is missing after "by". What the text says is that after bind() setsockopt() will be ignored. Correct?

</mglt>



   If bind() was not invoked after setsc() by the application, the IP

   address generated by setsc() will not be used and traffic generated

   by the socket will use a source IP address that complies with the

   options selected by setsockopt().



Yegin, et al.           Expires January 27, 2019               [Page 12]



Internet-Draft             On Demand Mobility                  July 2018



6.  Summary of New Definitions



<mglt>

Flags and address types should, in my opinion, be placed in evidence (.h). </mglt>



6.1.  New APIs



   setsc() enables applications to request a specific type of source IP

   address in terms of session continuity.  Its definition is:



   int setsc(int sockfd, in6_addr *sourceAddress, sc_type addressType);



   Where:

    - sockfd -        is the socket descriptor of the socket with which

                      a specific address type is associated

    - sourceAddress - is a pointer to an area allocated for setsc() to

                      place the generated source IP address of the

                      desired session continuity type

    - addressType -   Is the desired type of session continuity service.

                      It is a 3-bit field containing one of the

                      following values:

                      0 - Reserved

                      1 - FIXED_IPV6_ADDRESS

                      2 - SESSION_LASTING_IPV6_ADDRESS

                      3 - NON_PERSISTENT_IPV6_ADDRESS

                      4 - GRACEFUL_REPLACEMENT_IPV6_ADDRESS

                      5-7 - Reserved



   setsc() returns the status of the operation:

    - 0 - Address was successfully generated

    - EAI_REQUIREDIPNOTSUPPORTED - the required service type is not

      supported

    - EAI_REQUIREDIPFAILED - the network could not fulfill the desired

      request



   setsc() MAY block the invoking thread if it triggers the TCP/IP stack

   to request a new IP prefix from the network to construct the desired

   source IP address.  If an IP prefix with the desired session

   continuity features already exists (was previously allocated to the

   mobile host) and the stack is not required to request a new one as a

   result of setting the IPV6_REQUIRE_SRC_ON_NET flag (defined below),

   setsc() MAY return immediately with the constructed IP address and

   will not block the thread.



6.2.  New Flags



   The following flag is added to the list of flags in the

   IPV6_ADDR_PREFERENCE option at the IPPROTO6 level:



   IPV6_REQUIRE_SRC_ON_NET - set IP stack address allocation behavior






   If set, the IP stack will request a new IPv6 prefix of the desired

   type from the current serving network and configure a new source IP

   address.  If reset, the IP stack will use a preconfigured one if it

   exists.  If there is no preconfigured IP address of the desired type,

   a new prefix will be requested and used for creating the IP address.



7.  Security Considerations



   The setting of certain IP address type on a given socket may be

   restricted to privileged applications.  For example, a Fixed IP

   Address may be provided as a premium service and only certain

   applications may be allowed to use them.  Setting and enforcement of

   such privileges are outside the scope of this document.



<mglt>

I believe the text could describe the threat such recommendation is addressing.



The document describes how applications provide the OS with their requirements in order to select the appropriate IP address. The resources are associated with different costs. While the cost is primarily on the operator side, it is likely that usage by the mobile node comes with some restrictions, limitations or direct costs. Typically, some types of IP address may be provided by the operator for a limited number of bytes, after which the IP address type will not be available to the mobile node or may be charged for. A malicious application may use these limitations to generate extra billing for the mobile node or to prevent the usage of some applications by exhausting the expected type of IP address.



In order to prevent such a scenario, the mobile node SHOULD be able to authorize specific IP address types for privileged applications.



With these new types of IP addresses, the IP address leaks some connectivity requirements of the application. This also means that additional information is provided to the destination, which could reveal to a passive monitoring attacker some information, such as the type of application and the application itself, even though the packet is protected by IPsec or TLS.



To avoid profiling an application according to the type of IP address, it is expected that prefixes provided by the operator are associated with various types of addresses over time. As a result, the type of address could not be associated with the prefix, making application profiling based on the type of address harder.

An application using multiple types of IP addresses to avoid being profiled is likely to create some patterns, so that remains a hard problem for the application to solve.



The usage of a fixed IP address enables tracking the mobile node, or its application, over time. This is a similar problem to the one encountered with public IP addresses. The usage of Fixed IP addresses should be limited.



To limit the effect of IP tracking, the application or the OS should ensure that IP addresses change regularly to limit IP tracking by a passive observer. The application should regularly set the On Demand flag. The application should be able to ensure that session-lasting IP addresses are regularly changed, for example by setting a lifetime handled by the application. In addition, the application should consider the use of graceful replacement IP addresses.



Similarly, the OS may also associate IP addresses with a lifetime. Upon receiving a request for a given type of IP address, after some time, the OS should request a new address from the network even if it already has an IP address available with the requested type. This includes any type of IP address. Addresses of the graceful replacement or non-persistent types should be regularly renewed by the OS.



The lifetime of an IP address may be expressed in number of seconds or in number of bytes sent through this IP address.




Session-lasting IP addresses could be used to avoid tracking and should be preferred. However, there should be a way to specify whether the IP address lasts one session or whether it can last multiple sessions.



</mglt>



8.  IANA Considerations



   This document has no IANA considerations.



9.  Contributors



   This document was merged with [I-D.sijeon-dmm-use-cases-api-source].

   We would like to acknowledge the contribution of the following people

   to that document as well:



   Sergio Figueiredo

   Altran Research, France

   Email: sergio.figueiredo@altran.com



   Younghan Kim

   Soongsil University, Korea

   Email: younghak@ssu.ac.kr



   John Kaippallimalil

   Huawei, USA

   Email: john.kaippallimalil@huawei.com



10.  Acknowledgements



   We would like to thank Wu-chi Feng, Alexandru Petrescu, Jouni

   Korhonen, Sri Gundavelli, Dave Dolson and Lorenzo Colitti for their

   valuable comments and suggestions on this work.



11.  References






11.1.  Normative References



   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate

              Requirement Levels", BCP 14, RFC 2119,

              DOI 10.17487/RFC2119, March 1997,

              <https://www.rfc-editor.org/info/rfc2119>.



   [RFC5014]  Nordmark, E., Chakrabarti, S., and J. Laganier, "IPv6

              Socket API for Source Address Selection", RFC 5014,

              DOI 10.17487/RFC5014, September 2007,

              <https://www.rfc-editor.org/info/rfc5014>.



11.2.  Informative References



   [I-D.sijeon-dmm-use-cases-api-source]

              Jeon, S., Figueiredo, S., Kim, Y., and J. Kaippallimalil,

              "Use Cases and API Extension for Source IP Address

              Selection", draft-sijeon-dmm-use-cases-api-source-07 (work

              in progress), September 2017.



   [RFC3261]  Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston,

              A., Peterson, J., Sparks, R., Handley, M., and E.

              Schooler, "SIP: Session Initiation Protocol", RFC 3261,

              DOI 10.17487/RFC3261, June 2002,

              <https://www.rfc-editor.org/info/rfc3261>.



   [RFC5213]  Gundavelli, S., Ed., Leung, K., Devarapalli, V.,

              Chowdhury, K., and B. Patil, "Proxy Mobile IPv6",

              RFC 5213, DOI 10.17487/RFC5213, August 2008,

              <https://www.rfc-editor.org/info/rfc5213>.



   [RFC5563]  Leung, K., Dommety, G., Yegani, P., and K. Chowdhury,

              "WiMAX Forum / 3GPP2 Proxy Mobile IPv4", RFC 5563,

              DOI 10.17487/RFC5563, February 2010,

              <https://www.rfc-editor.org/info/rfc5563>.



   [RFC5944]  Perkins, C., Ed., "IP Mobility Support for IPv4, Revised",

              RFC 5944, DOI 10.17487/RFC5944, November 2010,

              <https://www.rfc-editor.org/info/rfc5944>.



   [RFC6275]  Perkins, C., Ed., Johnson, D., and J. Arkko, "Mobility

              Support in IPv6", RFC 6275, DOI 10.17487/RFC6275, July

              2011, <https://www.rfc-editor.org/info/rfc6275>.



   [RFC6824]  Ford, A., Raiciu, C., Handley, M., and O. Bonaventure,

              "TCP Extensions for Multipath Operation with Multiple

              Addresses", RFC 6824, DOI 10.17487/RFC6824, January 2013,

              <https://www.rfc-editor.org/info/rfc6824>.






   [RFC7333]  Chan, H., Ed., Liu, D., Seite, P., Yokota, H., and J.

              Korhonen, "Requirements for Distributed Mobility

              Management", RFC 7333, DOI 10.17487/RFC7333, August 2014,

              <https://www.rfc-editor.org/info/rfc7333>.



Authors' Addresses



   Alper Yegin

   Actility

   Istanbul

   Turkey



   Email: alper.yegin@actility.com



   Danny Moses

   Intel Corporation

   Petah Tikva

   Israel



   Email: danny.moses@intel.com



   Kisuk Kweon

   Samsung

   Suwon

   South Korea



   Email: kisuk.kweon@samsung.com



   Jinsung Lee

   Samsung

   Suwon

   South Korea



   Email: js81.lee@samsung.com



   Jungshin Park

   Samsung

   Suwon

   South Korea



   Email: shin02.park@samsung.com






   Seil Jeon

   Sungkyunkwan University

   Suwon

   South Korea



   Email: seiljeon@skku.edu








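The setsc() and IPV6_REQUIRE_SRC_ON_NET behaviour described in Sections 6.1 and 6.2 of the quoted draft, together with the privileged-application restriction raised in Section 7 and in the review, as an added, runnable model in C. This is illustration code written for this page; it is not part of the draft, of the review, or of any operating system's IP stack. The per-host prefix table, the simulated serving network (handing out 2001:db8:<type>:<n>::/64), the numeric values of the EAI_* codes and of the flag bit, the ::1 interface identifier, and the privilege check on FIXED_IPV6_ADDRESS are all assumptions made for the example.

```c
/* Added model of the setsc()/IPV6_REQUIRE_SRC_ON_NET semantics of
   draft-ietf-dmm-ondemand-mobility. Not the draft's or any OS's code: the
   host state, the simulated network, the numeric EAI_* values, the flag
   bit and the privilege check are assumptions made for this example. */
#include <stdio.h>
#include <string.h>
#include <stdint.h>
#include <netinet/in.h>   /* struct in6_addr */

/* Address types of Section 6.1 (values 0 and 5-7 are reserved). */
typedef enum {
    FIXED_IPV6_ADDRESS = 1,
    SESSION_LASTING_IPV6_ADDRESS = 2,
    NON_PERSISTENT_IPV6_ADDRESS = 3,
    GRACEFUL_REPLACEMENT_IPV6_ADDRESS = 4
} sc_type;

/* Return codes of Section 6.1; the numeric values are assumptions. */
#define EAI_REQUIREDIPNOTSUPPORTED (-1001)
#define EAI_REQUIREDIPFAILED       (-1002)

/* Flag of Section 6.2 (IPV6_ADDR_PREFERENCE option); bit value assumed. */
#define IPV6_REQUIRE_SRC_ON_NET 0x01

/* Modelled per-host state: at most one preconfigured /64 per address type. */
struct host_state {
    struct in6_addr prefix[8];
    int have_prefix[8];
    int net_supports[8];  /* which types the serving network can allocate */
    int privileged;       /* may the calling application use premium types? */
    int net_requests;     /* prefix requests sent to the network so far */
};

/* Simulated serving network (assumption): allocates 2001:db8:<type>:<n>::/64. */
static int net_request_prefix(struct host_state *h, sc_type t, struct in6_addr *out)
{
    h->net_requests++;
    if (!h->net_supports[t])
        return -1;
    memset(out, 0, sizeof *out);
    out->s6_addr[0] = 0x20; out->s6_addr[1] = 0x01;
    out->s6_addr[2] = 0x0d; out->s6_addr[3] = 0xb8;
    out->s6_addr[5] = (uint8_t)t;
    out->s6_addr[7] = (uint8_t)h->net_requests;
    return 0;
}

/* Model of setsc(); `flags` is the socket's IPV6_ADDR_PREFERENCE value.
   Returns 0 on success or one of the EAI_* codes above. */
int model_setsc(struct host_state *h, int sockfd, struct in6_addr *sourceAddress,
                sc_type addressType, int flags)
{
    (void)sockfd;   /* the model keeps no per-socket state */
    if ((int)addressType < FIXED_IPV6_ADDRESS ||
        (int)addressType > GRACEFUL_REPLACEMENT_IPV6_ADDRESS)
        return EAI_REQUIREDIPNOTSUPPORTED;          /* reserved type value */
    /* Section 7: a Fixed IP Address may be a premium service limited to
       privileged applications; enforcing it here is this model's choice. */
    if (addressType == FIXED_IPV6_ADDRESS && !h->privileged)
        return EAI_REQUIREDIPNOTSUPPORTED;
    /* Section 6.2: reuse a preconfigured prefix of the desired type unless
       IPV6_REQUIRE_SRC_ON_NET forces a fresh allocation from the network. */
    if ((flags & IPV6_REQUIRE_SRC_ON_NET) || !h->have_prefix[addressType]) {
        if (net_request_prefix(h, addressType, &h->prefix[addressType]) != 0)
            return EAI_REQUIREDIPFAILED;
        h->have_prefix[addressType] = 1;
    }
    /* Construct the source address: prefix plus an assumed ::1 interface ID. */
    *sourceAddress = h->prefix[addressType];
    sourceAddress->s6_addr[15] = 0x01;
    return 0;
}

/* Scenario used by main(): returns the number of prefix requests the network
   saw, or a negative step number if a step did not behave as described. */
int run_demo(void)
{
    struct host_state h;
    struct in6_addr a;
    memset(&h, 0, sizeof h);
    h.net_supports[SESSION_LASTING_IPV6_ADDRESS] = 1;
    h.net_supports[FIXED_IPV6_ADDRESS] = 1;
    /* 1: unprivileged app asks for the premium Fixed type: refused, no network traffic */
    if (model_setsc(&h, 3, &a, FIXED_IPV6_ADDRESS, 0) != EAI_REQUIREDIPNOTSUPPORTED) return -1;
    /* 2: a type the network does not offer: request sent, then EAI_REQUIREDIPFAILED */
    if (model_setsc(&h, 3, &a, NON_PERSISTENT_IPV6_ADDRESS, 0) != EAI_REQUIREDIPFAILED) return -2;
    /* 3: first session-lasting request allocates a prefix */
    if (model_setsc(&h, 3, &a, SESSION_LASTING_IPV6_ADDRESS, 0) != 0) return -3;
    /* 4: flag clear: the preconfigured prefix is reused, no new request */
    if (model_setsc(&h, 3, &a, SESSION_LASTING_IPV6_ADDRESS, 0) != 0 || h.net_requests != 2) return -4;
    /* 5: flag set: a new prefix is requested even though one exists */
    if (model_setsc(&h, 3, &a, SESSION_LASTING_IPV6_ADDRESS, IPV6_REQUIRE_SRC_ON_NET) != 0) return -5;
    return h.net_requests;
}

int main(void)
{
    printf("prefix requests seen by the network: %d\n", run_demo());
    return 0;
}
```

The scenario in run_demo() makes the two points a practitioner would check against the draft text: with the flag clear an existing prefix of the requested type is reused and the network sees no request, and with the flag set the stack goes back to the network even though a usable prefix exists, which is exactly the behaviour an unprivileged or misbehaving application could abuse to churn allocations if the privilege check of Section 7 is not enforced.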