Hello,
I was asked to review draft-ietf-netlmm-threats-02.txt. here
are some comments.
I feel the document is incomplete and missing a few things.
- location privacy. there was a lot of noise made about
location
privacy when the NETLMM work started out. what are the
threats?
what needs to be addressed in the NETLMM protocol work?
- identifying the mobile node at the MAG. for NETLMM to work
it
is critical that the MAG is able to identify the MN based on
some identity. there has to be authentication at L2 or L3.
is
confidentiality required? the MAG also need to figure out
the
IP address that corresponds to the mobile node's identity.
- source address check. for every packet the MAG
encapsulates
and sends to the LMA, it needs to check if the mobile node
is
using the address it is authorized to use. in particular the
MAG (and the LMA) should prevent a mobile node from using
another mobile node's address.
- MN-AR link. is anything assumed about the MN-AR link?
whether
it is a point-to-point link or a broadcast link?
- the draft does not talk about requiring replay protection
for
MAG-LMA interface or the fact that authentication between
LMA
and MAG is required for all signaling messages
- how does the LMA check if the MAG is authorized to update
routing for a particular mobile node? here I am not talking
about MAG authenticating itself to the LMA. if it is out of
scope, just mention and then say it is out of scope.
Vijay
_______________________________________________
netlmm mailing list
netlmm ngnet.it
https://vesuvio.ipv6.cselt.it/mailman/listinfo/netlmm
|