Re: SEND-based protection and related confusions (was RE: AR compromise (Re: [Mipshop] Review of draft-haddad-mipship-hmipv6-security-04))



Lakshminath Dondeti wrote:

> I started with 4140's security considerations; that seems like a good
> starting point.

I read the 4140 security considerations. They are indeed a good
starting point. I particularly liked the description of what
authorization is needed for regional care-of-address
allocation.

There were a few things that I started to wonder
about though, such as:

- How important in reality is the service authorization part?
  You could also view this as an IP level service that is
  simply available in this network. (4140 classifies this
  as a MAY requirement, which I agree with.)

- However, it may be important for the mobile node to
  get an assurance that the MAP is authorized to act
  as a MAP. And perhaps authorized to act as a MAP
  in THIS network?

  That is, do we need security for the discovery of the
  MAP? Or, how does the mobile node authorize the
  MAP? Is it enough that it is one of the trusted MAPs
  in the roaming consortium?

- Is there a privacy requirement with respect to
  disclosing regional care-of-addresses to other
  nodes in the domain (e.g. in a BU sent to a MAP)?

--Jari

