Thread: Let's talk text (was Re: EAP over IKEv2 as the default mechanism for HMIPv6)

2006-11-28 17:54:31
This makes sense IMHO, but wouldn't those drafts be normative references, i.e., wouldn't there be a problem to progress HMIP as proposed standard before the bootstrapping mechanisms are at the same standards level?

jak>> If these drafts contain specification that HMIP technically requires to get security adequately addressed, and I believe they do, references are necessary. Duplicating that material in the HMIP draft is not an option, since then any changes in the original text down the line would need to be propagated. Normative references that require resolution happen all the time, the RFC Editor is capable of resolving them. In this case, I don't believe there is much deployment urgency so I don't see a problem with delay. The other drafts are near complete anyway.

And do you mean reuse of HMIP security-related bootstrapping mechanisms (IPsec SA setup and auth/authz with MSA) only or also other bootstrapping mechanisms such as HA(->MAP) address discovery and HoA(->RCoA) assignment? The latter should be applicable as well and it might be valuable to consider them as an option in addition to the mechanisms specified in 4140.

jak>> I've never been particularly fond of HMIP's bootstrapping mechanism because it requires changes in the access routers. One of the attractions of HMIP without that bootstrapping is that it could be used with no changes in any other access network hardware. I'm not advocating that the current bootstrap mechanism be removed, since others seem to like it, but I think it makes sense to take a look at the bootstrapping mechanisms for MIP6 and see whether they could also be adapted to HMIP. In particular, I think the mechanism in draft-ietf-mip6-bootstrapping-integrated-dhc-01.txt would make a lot of sense for HMIP, since they are envisioned for dynamic home agent deployments, which are very similar.

jak>> However, this is orthogonal to the current discussion about security, and I don't see it as strictly necessary for the draft to be ready for publication. I do believe the current security text needs work before it is ready for publication, along the lines of the points outlined in the original email.

            jak 


_______________________________________________
Mipshop mailing list
Mipshopietf.org
https://www1.ietf.org/mailman/listinfo/mipshop
