Re: security review of draft-ietf-mip6-ha-switch-03.txt

To: Jari Arkko <jari.arkko at piuha.net>, patrick cain <pcain at coopercain.com>
Subject: Re: security review of draft-ietf-mip6-ha-switch-03.txt
From: Brian Haley <brian.haley at hp.com>
Date: Tue, 18 Sep 2007 17:09:13 -0400
Cc: ietf at ietf.org, secdir at mit.edu, kempf at docomolabs-usa.com, Basavaraj.Patil at nsn.com, hdeng at hitachi.cn, iesg at ietf.org
In-reply-to: <46F00CCC.2020903@piuha.net>
List-help: <mailto:ietf-request@ietf.org?subject=help>
List-id: IETF-Discussion <ietf.ietf.org>
List-post: <mailto:ietf@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
Organization: Open Source and Linux Organization
References: <50B1CBA96870A34799A506B2313F26670B28F220@ntht201e.siemenscomms.co.uk><Pine.LNX.4.64.0702281042390.26408@penguin.csail.mit.edu><B2450D49-2FF2-49ED-A8B2-2C8B78A1E4FA@cisco.com><Pine.LNX.4.64.0703011207090.5028@penguin.csail.mit.edu><tslirdk3asy.fsf@cz.mit.edu><Pine.LNX.4.64.0705071228150.6212@penguin.csail.mit.edu> <Pine.LNX.4.64.0709130143550.24959@penguin.csail.mit.edu> <05a701c7fa19$0b056da0$6601a8c0@familyroom> <46F00CCC.2020903@piuha.net>
User-agent: Thunderbird 1.5.0.12 (X11/20070604)

Hi Jari, Patrick,

Jari Arkko wrote:

Thanks for your review, Patrick!
Comments inline:
I expect that the biggest risk of telling a mobile agent to use a new home agent is the threat of impersonation, i.e., moving home agents so as to insert a woman-in-the-middle. The document doesn't talk about this at all, only mentioning in the security considerations that a change agent command should be authenticated.
Yes. But the protocols used between mobile nodes and home agents
require authentication and authorization of both sides to act in their
roles. This applies even with the new home agent.
Perhaps a statement about this for the security considerations
section would be appropriate.

Sections 4.1 (sending) and 5.1 (receiving) do say that IPsec ESP is a MUST, is that not enough? Maybe there's some confusion over whether this is the same SA used for Binding Updates/Acks?

General Comments: - There are a bunch of places where something is defined/identified with no obvious explanation. For example, "section 7. Protocol Considerations", defines two timeout values. I wonder how they came up with the values?
Good question -- though I would expect any number to be
merely guidance that may get changed with implementation
and usage experience.

James Kempf originally came up with those values, but it was back in 2005, so I'm not sure of the reasoning. I think the goal was to just allow for 3 retries.

-Brian

_______________________________________________
Ietf mailing list
Ietf at ietf.org
https://www1.ietf.org/mailman/listinfo/ietf

References:
- Re: security review of draft-ietf-mip6-ha-switch-03.txt
  - From: Jari Arkko

Prev by Date: Re: ULA-C (Was: Re: IPv6 will never fly: ARIN continues to kill it)
Next by Date: Re: ULA-C (Was: Re: IPv6 will never fly: ARIN continues to kill it)
Previous by thread: Re: security review of draft-ietf-mip6-ha-switch-03.txt
Next by thread: Re: ULA-C (Was: Re: IPv6 will never fly: ARIN continues to kill it)
Index(es):
- Date
- Thread

Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.

Re: security review of draft-ietf-mip6-ha-switch-03.txt

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.