On Jan 28, 2008 4:57 AM, Jari Arkko <jari.arkko at piuha.net> wrote:
Ok. Please make sure that you also handle the case where the proxy ND
operation fails due to a collision NOT in the cache.
Ok. I will reword.
> So, the issue is whether the MN which can provide an authenticated FBU
> could abuse the use of LLA? (That's what I can gather by "spoofing the
> LLA" in HI message).
Right. What is the LLA information used for?
The combination of LLA and NCoA is used to identify the MN.
Since we trust the MN to the extent that the FBU is authenticated, we also expect the LLA to be genuine.
This is similar to the MN, which otherwise has an SA with the HA, misbehaving, which we have talked about earlier. I can include this also in the Security Considerations if you want.
> The protocol a) allows a deployment to maintain duplicate-free
> addresses (by means beyond the scope of the protocol) and provides HI
> and HAck for exchange, b) states that it SHOULD only be used where the
> probability of collision is extremely low. This is specified in
> Section 5.5 and same holds above. Please let me know if you would like
> me to reword anything.
I thought that due to changes mentioned earlier in this e-mail, you now
are doing proxy ND on behalf of mobile nodes, so you DO appear to specify a
mechanism for providing duplicate-free addresses.
Proxy ND operation specification has been there for a long time. Note that the NAR defends the address once it is known to be duplicate-free. We do not specify how the NAR arrives at that resolution: it could be that it maintains a pool or by any other means.
I think that is required. If in addition you want to specify that in
environments where the probability of collision is very low people can turn
off DAD (by setting DupAddrDetectTransmits to 0 per RFC 4862), that's fine.
But it is not fine to say that this protocol only works if there are no
collisions.
No. It is designed for the most prevalent scenarios where there are no collisions (either due to the availability of duplicate-free addresses or due to the extremely low probability of address collisions). The recovery operations, in the extremely unlikely event of collisions, are described in the appendix.
> So, we could revert back to always having the HAO right?
Yes.
Okay.
Thanks,
-Rajeev
Jari