rfc4068bis - MAC Mobility Option for FBU/FBAck protection
2006-06-16 21:08:58
There is an IESG note on the first page of that RFC.
 
Vidya


From: Behcet Sarikaya [mailto:behcetsarikayayahoo.com]
Sent: Friday, June 16, 2006 1:55 PM
To: Narayanan, Vidya
Cc: mipshopietf.org
Subject: Re: [Mipshop] rfc4068bis - MAC Mobility Option for FBU/FBAck protection

Hi Vidya,

----- Original Message ----
From: "Narayanan, Vidya" <vidyanqualcomm.com>
To: Vijay Devarapalli <vijay.devarapalliazairenet.com>
Cc: mipshopietf.org
Sent: Friday, June 16, 2006 1:39:58 PM
Subject: RE: [Mipshop] rfc4068bis - MAC Mobility Option for FBU/FBAck protection

RFC4285 is not a good choice, for some important reasons:

1. RFC4285 lacks any algorithm agility - so, when HMAC-SHA1 is broken,
it needs to be revised. By including the Algorithm Type in the option,
we take care of that issue.

2. We need a means of indicating the Handover Key Exchange protocol that
was used to create the handover key.

3. There are currently some important issues with RFC4285 - to mention a
couple of examples, it specifies the wrong key length for HMAC-SHA1 and
has inconsistent definitions of SPI in the document. In order to use it
for anything, that RFC needs a revision.

4. Based on the IESG note on RFC4285, it would be impossible to get a
standards track document that has RFC4285 as a normative reference.
Actually, I am not in favor of using that as the base, given the
problems stated above anyway.

==> where is this note, I could not see it?
==> WiMAX is recommending the use of this RFC, if there is a note, WiMAX should also know about it, I think.
==> Regards,
==> --behcet
Vidya

> -----Original Message-----
> From: Vijay Devarapalli [mailto:vijay.devarapalliazairenet.com]
> Sent: Friday, June 16, 2006 11:27 AM
> To: Narayanan, Vidya
> Cc: mipshopietf.org
> Subject: Re: [Mipshop] rfc4068bis - MAC Mobility Option for
> FBU/FBAck protection
>
> why can't you use the Mobility Message Authentication option
> from RFC 4285.
>
>      0                   1                   2                   3
>      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
>                      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>                      |  Option Type  | Option Length |    Subtype    |
>     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>     |                         Mobility SPI                          |
>     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>     |                     Authentication Data ....
>     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>
> Narayanan, Vidya wrote:
>
> >      0                   1                   2                   3
> >      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
> >                                     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
> >                                     |  HKE  |  AT   |    Reserved   |
> >     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
> >     |                              SPI                              |
> >     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
> >     |                          AUTH Data ....
> >     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
> >
> >
> > MH Option Type = "MAC Mobility Option"
> >
> > MH Option Length = Length of the MH data field
>
> these two fields are not shown in the figure.
>
> >
> > MH Data Fields:
> >
> > HKE (4 bits) = Handover Key Exchange Type ('1' - SEND-based; '2' -
> > AAA-based;)
> >
> > AT (4 bits) = Algorithm Type - Defined values - '1' - HMAC-SHA-1
> > (default); '2' - HMAC-SHA-256
>
> wouldn't the SPI (and the IP addresses) tell you which key and
> which authentication algorithm to use? does it matter if the
> key was derived using SEND or AAA network access? for
> processing the option, you only need to know which key, right?
> maybe I am missing something.
>
> Vijay
>

_______________________________________________
Mipshop mailing list
Mipshopietf.org
https://www1.ietf.org/mailman/listinfo/mipshop
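To make the two points of the thread concrete (the proposed HKE/AT/Reserved/SPI/AUTH Data layout, and the algorithm agility that the AT field buys), here is an added example encoder and verifier for that option data field. It is not code from the draft, from RFC 4285 or from any of the posters; the following are assumptions of the example, not statements from the thread: the MAC is HMAC over the protected message bytes followed by the option header with the AUTH field absent, the full HMAC output is carried (20 bytes for HMAC-SHA-1, 32 for HMAC-SHA-256), and the Reserved byte is sent as zero and ignored on receipt.

```python
"""Encoder/verifier for the MAC Mobility Option data field discussed in the
mipshop thread.  Added example; layout follows the posted figure
(HKE | AT | Reserved | SPI | AUTH Data), everything else is assumed."""
import hashlib
import hmac
import struct

# Handover Key Exchange types from the thread.
HKE_SEND = 1   # SEND-based
HKE_AAA = 2    # AAA-based

# Algorithm types from the thread.
AT_HMAC_SHA1 = 1     # default
AT_HMAC_SHA256 = 2

# Algorithm-agility table: the AT value on the wire selects the hash.
# Retiring HMAC-SHA-1 or adding a new algorithm only changes this table,
# not the option format.
_AT_TABLE = {
    AT_HMAC_SHA1: hashlib.sha1,
    AT_HMAC_SHA256: hashlib.sha256,
}

# Fixed part of the data field: 1 byte (HKE<<4 | AT), 1 byte Reserved,
# 4-byte SPI, network byte order.
_HDR = struct.Struct("!BBI")


def build_option(hke, at, spi, key, protected):
    """Return the option data field for `protected` (assumed: the message
    bytes the MAC covers).  Assumption: MAC = HMAC(key, protected || header)."""
    if not 0 <= hke <= 15 or not 0 <= at <= 15:
        raise ValueError("HKE and AT are 4-bit fields")
    if not 0 <= spi <= 0xFFFFFFFF:
        raise ValueError("SPI is a 32-bit field")
    hashfn = _AT_TABLE[at]               # KeyError for an unsupported AT
    header = _HDR.pack((hke << 4) | at, 0, spi)   # Reserved sent as zero
    mac = hmac.new(key, protected + header, hashfn).digest()
    return header + mac


def parse_option(data):
    """Split the data field into its fields; does not verify anything."""
    if len(data) < _HDR.size:
        raise ValueError("option data too short")
    hke_at, reserved, spi = _HDR.unpack_from(data)
    return {
        "hke": hke_at >> 4,
        "at": hke_at & 0x0F,
        "reserved": reserved,          # ignored on receipt (assumption)
        "spi": spi,
        "auth": data[_HDR.size:],
    }


def verify_option(data, key_lookup, protected):
    """Receiver side.  key_lookup(spi) returns the handover key bytes or None.
    Returns True only if the AT is supported, the SPI maps to a key, and the
    AUTH Data matches; comparison is constant-time."""
    try:
        fields = parse_option(data)
    except ValueError:
        return False
    hashfn = _AT_TABLE.get(fields["at"])
    if hashfn is None:
        return False                     # unknown algorithm: reject, don't guess
    key = key_lookup(fields["spi"])
    if key is None:
        return False                     # no security association for this SPI
    header = data[:_HDR.size]
    expected = hmac.new(key, protected + header, hashfn).digest()
    if len(expected) != len(fields["auth"]):
        return False                     # AUTH length must match the algorithm
    return hmac.compare_digest(expected, fields["auth"])


if __name__ == "__main__":
    # Constructed sample: a 20-byte handover key bound to SPI 0x1234 and a
    # placeholder FBU body; neither value comes from the thread.
    key = bytes(range(20))
    keys = {0x1234: key}
    fbu = b"constructed FBU body"
    opt = build_option(HKE_SEND, AT_HMAC_SHA1, 0x1234, key, fbu)
    print(parse_option(opt), verify_option(opt, keys.get, fbu))
```

Because the header (including the AT nibble) is inside the MAC input, changing the AT on the wire without the key invalidates the MAC; an AT the receiver does not implement is rejected outright rather than falling back to a default, which is the behaviour the thread's algorithm-agility argument needs.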
