[Mip6] Summary of Justification for Alternative Authentication Option
Gopal Dommety <gdommety@cisco.com> Thu, 23 September 2004 22:21 UTC
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA29454 for <mip6-web-archive@ietf.org>; Thu, 23 Sep 2004 18:21:16 -0400 (EDT)
Received: from megatron.ietf.org ([132.151.6.71]) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1CAc4V-0003dd-Rd for mip6-web-archive@ietf.org; Thu, 23 Sep 2004 18:28:26 -0400
Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1CAbiQ-0008Dm-2q; Thu, 23 Sep 2004 18:05:26 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1CAbYy-0003eu-Jh for mip6@megatron.ietf.org; Thu, 23 Sep 2004 17:55:40 -0400
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA26923 for <mip6@ietf.org>; Thu, 23 Sep 2004 17:55:37 -0400 (EDT)
Received: from sj-iport-2-in.cisco.com ([171.71.176.71] helo=sj-iport-2.cisco.com) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1CAbfq-0003Cb-CU for mip6@ietf.org; Thu, 23 Sep 2004 18:02:46 -0400
Received: from sj-core-2.cisco.com (171.71.177.254) by sj-iport-2.cisco.com with ESMTP; 23 Sep 2004 14:57:39 -0700
Received: from mira-sjc5-d.cisco.com (IDENT:mirapoint@mira-sjc5-d.cisco.com [171.71.163.28]) by sj-core-2.cisco.com (8.12.10/8.12.6) with ESMTP id i8NLt3wr008737 for <mip6@ietf.org>; Thu, 23 Sep 2004 14:55:05 -0700 (PDT)
Received: from gdommety-w2k04.cisco.com (dhcp-128-107-178-184.cisco.com [128.107.178.184]) by mira-sjc5-d.cisco.com (MOS 3.4.6-GR) with ESMTP id AEP89893; Thu, 23 Sep 2004 14:55:05 -0700 (PDT)
Message-Id: <4.3.2.7.2.20040923143829.029e1a48@mira-sjc5-d.cisco.com>
X-Sender: gdommety@mira-sjc5-d.cisco.com
X-Mailer: QUALCOMM Windows Eudora Version 4.3.2
Date: Thu, 23 Sep 2004 14:55:05 -0700
To: mip6@ietf.org
From: Gopal Dommety <gdommety@cisco.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 769a46790fb42fbb0b0cc700c82f7081
Subject: [Mip6] Summary of Justification for Alternative Authentication Option
X-BeenThere: mip6@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: mip6.ietf.org
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/mip6>, <mailto:mip6-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:mip6@ietf.org>
List-Help: <mailto:mip6-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/mip6>, <mailto:mip6-request@ietf.org?subject=subscribe>
Sender: mip6-bounces@ietf.org
Errors-To: mip6-bounces@ietf.org
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 538aad3a3c4f01d8b6a6477ca4248793
Hello All, I am attaching a summary of the discussion that took place on justification of an alternate authentication mechanism. Please let me know if I have left out any important issue in the summary. I could have also mis-read people opinions, so if there is a correction please let me know. I will send a follow-up email with the next steps. Thanks, -Gopal Summary ======= The WG has been engaged in a discussion over the last week on the topic of standardizing an authentication date suboption based mechanism for the purpose of registering an MN with its HA via the BU/BAck messages. To summarize the discussion in brief: 1. The I-D draft-patil-mip6-whyauthdataoption-00.txt was used as the baseline for the discussion 2. Opinion was expressed that the I-D was more inclined in justifying why the use of IKE was a problem for setting up the MN-HA IPsec SA and not really providing sufficient justifications for an alternative scheme to the use of IPsec for securing the signaling messages between the MN and HA 3. There were a few people who expressed strong views of keeping IPsec as the only means for MIP6 security between MN and HA (Francis and Hesham (?)) 4. There were others who claimed the need for an alternate option to MIP6 including one operator who plans to deploy the protocol in their network (Raj, James Kempf, Alpesh, Gopal, Kuntal, Vijay, Michael Roe) 5. There was also a note from an implementers perspective on the challenges of integrating MIP6 with IPsec (Michael Roe) 6. There was discussion about the problem of replay attacks and the need for key refreshment 7. IKEv2 is expected to provide a solution to the problem of setting up dynamic SAs in networks that rely on AAA infrastructures. While IKEv2 itself has been approved, the details of how IKEv2 is used with MIP6 are still being worked out in an I-D that is not ready yet. 8. There was an opinion that the bootstrap work being done in the WG would address the needs of the environment claimed in I-D draft-patil-mip6-whyauthdataoption-00.txt _______________________________________________ Mip6 mailing list Mip6@ietf.org https://www1.ietf.org/mailman/listinfo/mip6
- [Mip6] Summary of Justification for Alternative A… Gopal Dommety
- Re: [Mip6] Summary of Justification for Alternati… Vijay Devarapalli
- Re: [Mip6] Summary of Justification for Alternati… James Kempf
- Re: [Mip6] Summary of Justification for Alternati… Gopal Dommety
- Re: [Mip6] Summary of Justification for Alternati… Francis Dupont
- Re: [Mip6] Summary of Justification for Alternati… Gopal Dommety