[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [MEXT] using MR-HA tunnel vs. combining BU // Re: WGLC for draft-ietf-mext-nemo-pd-01.txt

To: Romain KUNTZ <kuntz at lsiit.u-strasbg.fr>
Subject: Re: [MEXT] using MR-HA tunnel vs. combining BU // Re: WGLC for draft-ietf-mext-nemo-pd-01.txt
From: Alexandru Petrescu <alexandru.petrescu at gmail.com>
Date: Mon, 15 Dec 2008 13:07:59 +0100
Cc: Julien Laganier <julien.laganier.ietf at googlemail.com>, mext <mext at ietf.org>
Delivered-to: ietfarch-mext-web-archive at core3.amsl.com
Delivered-to: mext at core3.amsl.com
In-reply-to: <D1D824BC-8AC3-4B9C-BDEA-65C67A6AB290 at lsiit.u-strasbg.fr>
List-archive: <http://www.ietf.org/pipermail/mext>
List-help: <mailto:mext-request@ietf.org?subject=help>
List-id: Mobile IPv6 EXTensions WG <mext.ietf.org>
List-post: <mailto:mext@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/mext>, <mailto:mext-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/mext>, <mailto:mext-request@ietf.org?subject=unsubscribe>
References: <491039B9.6090400 at it.uc3m.es> <200812111050.19715.julien.laganier.IETF at googlemail.com> <B940A02A-47C9-453F-9F6F-548DF4D84D5B at gmail.com> <200812121152.04045.julien.laganier.IETF at googlemail.com> <D1D824BC-8AC3-4B9C-BDEA-65C67A6AB290 at lsiit.u-strasbg.fr>
Sender: mext-bounces at ietf.org
User-agent: Thunderbird 2.0.0.18 (Windows/20081105)

Romain KUNTZ wrote:

Hi,

On 2008/12/12, at 11:52, Julien Laganier wrote:

On Thursday 11 December 2008, Ryuji Wakikawa wrote:

Actually, it's not only 3 round trip and is not optimizationproblem.. This is a big issue of DHCP-PD.
Let me explain the issue clearly.

According to the NEMO-DHCP-PD spec, before receiving a prefix, a
mobile router must create a tunnel with its HA.


There would be no issue at all with the MR being configured as both
a DHCP client and relay, and the HA as a DHCP server: the DHCP
messages would be unicasted bewteen MR and HA without tunneling.



Do you then suggest to do the prefix delegation procedure before the
 NEMO registration? I think this raises multiple issues.

First the DHCP relay would use the CoA as source address of the
message, but the DHCPv6 server may need to know the MR's HoA if it is
configured with static assignment of the MNP.


I see indeed a potential worry.  But in a DHCP deployment the DHCP
Server is not configured with the address of the Relay (nor of the
Client) - it simply replies to the address received as src field in the
Request - that could be the CoA.

Should be tried first I believe.

Furthermore, once the MR registers its allocated MNP to the HA, the
HA cannot verify that the MNP that is in the BU was the one that the
DHCP server allocated to that MR. To do so, the DHCP server would
need to give the HoA/MNP pair to the HA, so that it can perform a
check at registration.


Why would the HA need to verify the received MNP in the BU is the same
as the MNP sent in the DHCP Reply?

Is there anything wrong with a security model?

By using the MR-HA tunnel, the relay message is sent using the HoA.Also, the use of an IPsec tunnel will secure the message exchangebetween the MR and the HA.


I'm not sure about the security model (or threat analysis) here.  We
don't know the security analysis of the very first steps - the
bootstrapping.  If we use rfc5026 'split' bootstrapping with DNS then we
may have a flawed security chain prior to this DHCP PD exchange.

There may also be possible to say that if bootstrapping is used withIKEv2 and the HoA is assigned with it, then the MNP could too.


Alex

______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.

For more information please visit http://www.messagelabs.com/email______________________________________________________________________

_______________________________________________
MEXT mailing list
MEXT at ietf.org
https://www.ietf.org/mailman/listinfo/mext

References:
- [MEXT] WGLC for draft-ietf-mext-nemo-pd-01.txt
  - From: marcelo bagnulo braun
- Re: [MEXT] using MR-HA tunnel vs. combining BU // Re: WGLC for draft-ietf-mext-nemo-pd-01.txt
  - From: Julien Laganier
- Re: [MEXT] using MR-HA tunnel vs. combining BU // Re: WGLC for draft-ietf-mext-nemo-pd-01.txt
  - From: Ryuji Wakikawa
- Re: [MEXT] using MR-HA tunnel vs. combining BU // Re: WGLC for draft-ietf-mext-nemo-pd-01.txt
  - From: Julien Laganier
- Re: [MEXT] using MR-HA tunnel vs. combining BU // Re: WGLC for draft-ietf-mext-nemo-pd-01.txt
  - From: Romain KUNTZ

Prev by Date: Re: [MEXT] using MR-HA tunnel vs. combining BU // Re: WGLC for draft-ietf-mext-nemo-pd-01.txt
Next by Date: Re: [MEXT] Removing bindings for IPv4 only - please comment
Previous by thread: Re: [MEXT] using MR-HA tunnel vs. combining BU // Re: WGLC for draft-ietf-mext-nemo-pd-01.txt
Next by thread: Re: [MEXT] using MR-HA tunnel vs. combining BU // Re: WGLC for draft-ietf-mext-nemo-pd-01.txt
Index(es):
- Date
- Thread