[00:48:27] --- janski has joined
[07:37:19] --- rstory has joined
[07:39:26] --- tskj has joined
[07:42:54] --- ks has joined
[07:47:38] --- Koojana has joined
[07:51:17] --- BP has joined
[07:52:09] --- krisan has joined
[07:52:35] --- tm has joined
[07:54:16] --- krisan has left
[07:56:30] <BP> Slides of MIP6 meeting are at : http://people.nokia.net/~patil/MIP6-IETF61/
[07:59:28] --- nov has joined
[08:01:04] --- toro_toro has joined
[08:01:58] --- jb has joined
[08:02:16] --- frodek has joined
[08:07:52] --- Koojana has left
[08:07:57] --- Koojana has joined
[08:10:04] <Koojana> Has meeting started and is there any jabber scribe
[08:13:02] <rstory> yes, no.
[08:15:17] --- alper has joined
[08:20:41] --- cabo--tzi--org has joined
[08:23:08] <cabo--tzi--org> Discussion about draft-mip6-auth-protocol-00.txt
[08:23:24] --- Yoshifumi Atarashi has joined
[08:23:25] --- Yoshifumi Atarashi has left: Disconnected
[08:24:00] --- Yoshifumi Atarashi has joined
[08:24:01] --- Yoshifumi Atarashi has left: Disconnected
[08:24:12] --- Yoshifumi Atarashi has joined
[08:24:12] --- Yoshifumi Atarashi has left: Disconnected
[08:24:27] --- Yoshifumi Atarashi has joined
[08:24:27] --- Yoshifumi Atarashi has left: Disconnected
[08:24:34] <cabo--tzi--org> Tom Narten led in, James Kempf made the point that two standards make it hard for the mobile node to find out which one to do -- either may be "switched off" by the operator.
[08:24:48] --- Yoshifumi Atarashi has joined
[08:25:10] <cabo--tzi--org> Erik: Assumption: physically secured network, does not apply ESP,
[08:25:26] <cabo--tzi--org> maybe we'll have some standards track thing, but they should be better.
[08:25:49] <cabo--tzi--org> 3GPP2 standard could come out as Info/Exp, but we should not confuse people by two PS
[08:26:39] --- Yoshifumi Atarashi has left
[08:27:52] <cabo--tzi--org> ...deployment issue... If people need RO, they'll need IPsec
[08:28:12] <cabo--tzi--org> Jari Arkko: ...
[08:28:33] --- Suresh Krishnan has joined
[08:28:55] <cabo--tzi--org> Interoperability: functional vs. authentication; can't have two random nodes in the Internet; need pre-configuration/operator/subscription
[08:30:28] <cabo--tzi--org> Hesham: Today, if I change operators I discard SIM card... SIM card does not have IPsec...
[08:30:34] --- Yoshifumi Atarashi has joined
[08:30:35] --- Yoshifumi Atarashi has left: Disconnected
[08:30:39] <Koojana> is this draft-giaretta-mip6-authorization-eap-02.txt draft that are talking
[08:31:04] --- Yoshifumi Atarashi has joined
[08:31:44] <cabo--tzi--org> John Loughney: networks are converging; if we think that, if this is done wrong, it can cause a mess; do it standards track and do it right
[08:31:55] <cabo--tzi--org> Pete McCann: Correction: IPsec is not
[08:32:15] <cabo--tzi--org> currently part of our spec; it was hard to do IPsec with the credentials that are already in the network
[08:32:29] <cabo--tzi--org> (our = 3GPP2)
[08:32:58] <cabo--tzi--org> James: SIP community did not just accept things thrown over by 3GPP
[08:33:08] <cabo--tzi--org> We should not do the draft as standards track
[08:35:07] <cabo--tzi--org> ...
[08:35:25] <cabo--tzi--org> The only argument we heard is interoperability -- 25 yes and 9 no?
[08:35:39] <cabo--tzi--org> Tom Narten: Some members of the community are not sure. We don't vote.
[08:36:34] <cabo--tzi--org> ...
[08:38:03] <cabo--tzi--org> Greg Daley: I thought there was a simple solution, but I was wrong. We should work on this. Other WGs come up with something that is ready to deploy and then do a WG draft; this is the other way around. Let's work on it.
[08:39:03] <cabo--tzi--org> Tom: From 3GPP2's perspective, we don't have much time.
[08:39:16] <cabo--tzi--org> Adopting it to get it right has the danger of an open timeline.
[08:41:48] --- Yoshifumi Atarashi has left
[08:44:19] <cabo--tzi--org> ...
[08:44:26] <cabo--tzi--org> Tom calls the question: Should we say no?
[08:44:28] <cabo--tzi--org> (no hands)
[08:44:38] <cabo--tzi--org> Should we publish this as a PS
[08:45:04] <cabo--tzi--org> (9 hands, but chairs don't count)
[08:45:11] <cabo--tzi--org> Informational?
[08:45:18] <cabo--tzi--org> (~30)
[08:46:20] <cabo--tzi--org> Greg: If we have an explicit timeline; Experimental -> deployment testing -> Standards Track later
[08:46:37] <cabo--tzi--org> Tom: could start as informational
[08:47:48] <cabo--tzi--org> Hesham: I don't think Informational would be a problem; RFC number is fine.
[08:48:01] --- frodek has left
[08:48:25] <cabo--tzi--org> Pekka Savola: We can't make a contract. Publish this as Informational or Experimental to meet the time requirements; then look what approach would be appropriate in the longer term.
[08:48:48] <cabo--tzi--org> MIP6 Operation with IKEv2 and the revised IPsec Arch. 20 Mins I-D: draft-ietf-mip6-ikev2-ipsec-00.txt
[08:50:38] <cabo--tzi--org> http://people.nokia.net/~patil/MIP6-IETF61/mip6_ikev2.ppt
[08:52:11] <cabo--tzi--org> RFC 3775 has MAY for dynamic key negotiation through IKEv1 Leave it at MAY for IKEv2 too? Make it a SHOULD?
[08:52:28] <cabo--tzi--org> Richard...: pre-shared or public keys?
[08:52:52] <cabo--tzi--org> Vijay: manual = no IKE, dynamic = pre-shared, public, whatever
[08:53:34] <cabo--tzi--org> Jari: That depends on how you see your document, is this 3776bis or just how to use IKEv2
[08:53:53] <cabo--tzi--org> Vijay: not bis, just how to use IKEv2
[08:54:03] <cabo--tzi--org> Jari: Then stick with the existing requirement
[08:55:44] <cabo--tzi--org> Francis Dupont: ...concern... is a MAY enough?
[08:56:25] <cabo--tzi--org> Vijay: significant implementation difficulties; requiring this will make implementations easier
[08:56:40] <cabo--tzi--org> (we are at p5)
[08:58:28] <cabo--tzi--org> 2401bis moves away from interface-bound security policies...
[08:59:11] <cabo--tzi--org> ...Vijay: the problem comes from old IPsec having per-interface SPDs
[08:59:34] --- henrik has joined
[09:01:49] --- loughney has joined
[09:03:05] <BP> One of the newer features of the IKEv2-MIP6 spec is the use of EAP
[09:03:25] <BP> Should we require the HA to support this or is it optional?
[09:03:39] <cabo--tzi--org> Vijay: EAP takes four roundtrips instead of two (p11)
[09:03:42] <BP> Francis: This is obviously a may for the HA
[09:04:33] <BP> Vijay: We can make it optional for the HA. If anyone else has concerns please express..
[09:04:43] <BP> Pete: This is one of the most important mechanisms and will be deployed
[09:04:58] <BP> The language used is a matter of choice in the I-D
[09:05:43] <BP> Vijay: Feature 2 which allows IKEv2 to provide the MN an HoA
[09:06:08] <BP> James: This is a good feature
[09:06:23] <BP> Erik: This is one means of the bootstrapping solution
[09:06:45] <BP> Jari: This is a good solution in the I-D
[09:07:32] <BP> Francis Dupont presenting now...
[09:07:47] <BP> Slides for Francis' presentation not available.
[09:08:05] <cabo--tzi--org> Using IPsec to protect signaling between MN and CN 5 Mins I-D: draft-dupont-mipv6-cn-ipsec-01.txt
[09:10:35] <cabo--tzi--org> Francis: RR may not be good enough
[09:10:43] <cabo--tzi--org> Vijay: I support this
[09:11:28] <cabo--tzi--org> Francis: Will remove cookie-based CoA test
[09:11:40] <cabo--tzi--org> James: I keep thinking about mobike...
[09:12:19] <cabo--tzi--org> James: would this be transport- as well as tunnel-mode?
[09:12:26] <cabo--tzi--org> Francis: yes.
[09:12:53] <cabo--tzi--org> Suresh: very good idea, should be WG item
[09:13:19] <cabo--tzi--org> Raj: Objections to making this a WG document?
[09:13:24] <cabo--tzi--org> (no hands)
[09:13:29] <cabo--tzi--org> -> WG document
[09:13:50] <cabo--tzi--org> Care-of address test procedure using a state cookie 5 Mins I-D: Annex of draft-dupont-mipv6-cn-ipsec-01.txt
[09:14:52] <cabo--tzi--org> initiated by paranoid CNs
[09:15:29] <cabo--tzi--org> state cookie to avoid easy DoS
[09:17:15] <cabo--tzi--org> Vijay: It's not possible to list all mechanisms which might use this one
[09:17:45] <BP> Christian: Comment about how the coa test is done 9?)
[09:17:57] <BP> ML discussion in March of this year
[09:19:16] <BP> Erik: Not sure how this relates to the COA test in the base spec..
[09:19:37] <BP> Erik: Sees this as defining a protocol that can be applied to any security mechanism
[09:22:17] <BP> Erik: Raising security concerns... Needs to be discussed offline
[09:23:21] <BP> Jari: Echoing some similar concerns as Erik...
[09:24:12] <BP> Jari: Produced a document in Mobopts (with Christian Vogt) that should be looked at
[09:24:30] <BP> Raj: Cannot make this a WG item at this time. Lets discuss this further on the ML
[09:24:41] <cabo--tzi--org> Goals for AAA-HA interface 10 Mins I-D: draft-giaretta-mip6-aaa-ha-goals-00.txt
[09:25:02] <cabo--tzi--org> http://people.nokia.net/~patil/MIP6-IETF61/ietf61-giaretta-mip6-aaa-ha-goals-last-2.ppt
[09:30:25] <cabo--tzi--org> Pete McCann: don't tie network access to HA auth
[09:35:18] <cabo--tzi--org> ...
[09:35:45] <cabo--tzi--org> (at scenario 2): Greg: This looks interesting, might solve 3GPP2 problem
[09:36:30] <cabo--tzi--org> Hesham: This proposal is good for IPsec -- now there is no excuse
[09:36:39] <cabo--tzi--org> James: This can be a way to simplify setup of SA
[09:37:02] <cabo--tzi--org> I'd like to remind people, there is a very common situation: hotspots with zero link sec
[09:42:30] <BP> Raj summarized Alpers I-D since time is running out
[09:42:44] <BP> The AAA extensions or AVPs will be specified in the AAA WG
[09:43:11] <BP> The MIP6 WG needs to identify what is needed from AAA for MIP6 deployemnt/operation
[09:43:51] --- ms has joined
[09:45:06] <cabo--tzi--org> http://people.nokia.net/~patil/MIP6-IETF61/ietf61-giaretta-mip6-authorization-eap.ppt
[09:46:33] --- BP has left
[09:46:54] <cabo--tzi--org> Pasi: There is a lot of information that people might want to provision (Mailbox is at ZZZ, printer is at YYY) -- EAP is not the right thing for all of this
[09:47:55] <cabo--tzi--org> Jari: technical alternatives... this one may not require changes to APs, but it does require changes to EAP methods
[09:55:20] <cabo--tzi--org> http://people.nokia.net/~patil/MIP6-IETF61/ietf61-giaretta-mip6-amsk.ppt
[09:55:56] --- schoenw has joined
[09:57:22] --- ms has left: Disconnected.
[09:57:40] <cabo--tzi--org> Jari: I understand your rationale for not including HA, but does that not mean the same key gets used twice
[10:01:08] <cabo--tzi--org> http://people.nokia.net/~patil/MIP6-IETF61/ietf61_mip6_bootstrap-pana-02.ppt
[10:01:26] <cabo--tzi--org> (loose VGA cable, duh)
[10:13:13] <Koojana> no more presentations?
[10:13:30] <cabo--tzi--org> Sorry, got distracted.
[10:13:37] <cabo--tzi--org> Can anybody else chime in?
[10:21:54] <cabo--tzi--org> http://people.nokia.net/~patil/MIP6-IETF61/bootstrap_bcf.ppt
[10:23:16] --- rstory has left: Logged out
[10:24:07] <cabo--tzi--org> http://people.nokia.net/~patil/MIP6-IETF61/load_balance.ppt
[10:24:38] --- toro_toro has left
[10:24:48] --- toro_toro has joined
[10:25:03] <cabo--tzi--org> Chair: there are lots of bootstrapping solutions -- discuss this on the list.
[10:25:34] --- tskj has left: Logged out
[10:25:37] <cabo--tzi--org> Precomputable Binding Management Key Kbm for Mobile IPv6 5 Mins I-D: draft-ietf-mip6-precfgkbm-01.txt Charles Perkins
[10:26:09] <cabo--tzi--org> http://people.nokia.net/~patil/MIP6-IETF61/Precfg.ppt
[10:26:57] <cabo--tzi--org> 13. Improvement of Return Routability Protocol 10 Mins I-D: draft-qiu-mip6-rr-improvement-00.txt Jianying ZHOU
[10:27:11] <cabo--tzi--org> http://people.nokia.net/~patil/MIP6-IETF61/Improvement_of_Return_Routability_Protocol-1.ppt
[10:29:18] --- jb has left
[10:29:45] --- loughney has left
[10:31:08] <cabo--tzi--org> Christian: I sent a message on the ML about this
[10:31:20] <cabo--tzi--org> at this position an attacker can do this kind of attacks
[10:33:08] <Koojana> is this the last presentation?
[10:33:40] <cabo--tzi--org> Erik, if we do this, you cannot keep the same token over movements
[10:34:19] <cabo--tzi--org> Jari: require more effort from the attackers, but the ratio is not that great, just send another message, and then there is the limitation Erik mentioned
[10:34:33] <cabo--tzi--org> Suresh: Lots of duplication in this draft
[10:36:09] <cabo--tzi--org> Chair: end of session; one more presentation
[10:36:46] <cabo--tzi--org> next steps: ... design team to solve the bootstrapping problem
[10:37:01] <cabo--tzi--org> Thierry:
[10:37:23] <cabo--tzi--org> http://people.nokia.net/~patil/MIP6-IETF61/mip6-ietf61-multiface.pdf
[10:39:16] <cabo--tzi--org> many efforts on multi-interface
[10:39:35] <cabo--tzi--org> need clear problem statement first
[10:39:43] <cabo--tzi--org> asking the room
[10:40:16] <cabo--tzi--org> James: This is a very complex issue, multi6, ... not at this time the right thing to add to the charter
[10:40:47] <cabo--tzi--org> Hesham: multiple interfaces on a host?
[10:41:10] <cabo--tzi--org> Q: is it important question?
[10:41:15] <cabo--tzi--org> (20-30 hands)
[10:41:55] <cabo--tzi--org> Q: where should we do that, just for MIP or also for fixed nodes
[10:42:03] <cabo--tzi--org> James: do this in multi6
[10:42:26] <cabo--tzi--org> Thierry: Isn't this out of charter for multi
[10:42:48] <cabo--tzi--org> Pekka Savola: This is definitely out of charter for multi6, which will be closed down soon anyway
[10:43:04] <cabo--tzi--org> Jari: In addition to multi6 there are hip and mobike
[10:43:13] <cabo--tzi--org> Tom Narten: Focus on the probem statement
[10:43:27] <cabo--tzi--org> What is a generic multihoming issue that is not MIP specific?
[10:43:39] <cabo--tzi--org> What *is* MI Psepcific?
[10:43:54] <cabo--tzi--org> for the first, do it in multi6; for the second, mip* might be
[10:44:01] --- toro_toro has left
[10:44:20] <cabo--tzi--org> Gabriel: Does the framework already contemplate both IPv4 and IPv6 addresses? That might complicate it.
[10:44:31] <cabo--tzi--org> Thierry: We haven't thought about this.
[10:44:37] <cabo--tzi--org> (end of session)
[10:45:10] --- tm has left: Logged out
[10:45:33] --- ks has left: Logged out
[10:45:44] --- henrik has left
[10:48:03] --- cabo--tzi--org has left: Disconnected
[10:54:29] --- schoenw has left
[11:04:25] --- nov has left: Disconnected
[11:17:23] --- alper has left
[11:30:13] --- Koojana has left: Disconnected
[11:36:02] --- Suresh Krishnan has left: Disconnected
[12:00:41] --- Koojana has joined
[12:07:19] --- Koojana has left
[21:29:30] --- nov has joined