Document Action: 'Authentication Protocol for Mobile IPv6' to Informational RFC

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The IESG has approved the following document:

- 'Authentication Protocol for Mobile IPv6 '
   <draft-ietf-mip6-auth-protocol-07.txt> as an Informational RFC

This document is the product of the Mobility for IPv6 Working Group. 

The IESG contact persons are Margaret Wasserman and Mark Townsley.

A URL of this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-mip6-auth-protocol-07.txt

Technical Summary
 
   IPsec is specified as the sole means of securing all signaling
   messages between the Mobile Node and Home agent for Mobile IPv6
   (see RFC 3775).  Some deployments, and 3GPP2 in particular, desire
   a different model for securing signalling between the Mobile Node
   and Home Agent, one that more closely fits their existing Mobile
   IPv4 deployments.  This document proposes an alternate method for
   securing the signaling messages, one based on defining a
   MIPv6-specific authentication extension.
 
Working Group Summary
 
  This document certainly generated controversy within the WG. There
  were some who argued that this approach was not appropriate and that
  we should just stick with "use the IPsec-based approach as defined
  in RFC 3775". Others argued that we should listen to an important
  "customer" and that it was appropriate to put this document forward
  on standards track, since there were likely to be many
  implementations.  In the end, most people recognized the need to be
  pragmatic in dealing with the input from 3GPP2, given that
  3GPP2-based mobile IPv4 is the largest current deployment of
  MIPv4. In the end, the WG supported moving this work forward, but as
  an informational document rather than on the Standards Track.
 
Protocol Quality
 
 This document has been reviewed for the IESG by Thomas Narten.

IESG Note

This RFC is not a candidate for any level of Internet Standard.  RFC
3775 and 3776 define Mobile IPv6 and its security mechanism.  This
document presents an alternate security mechanism for Mobile IPv6 used
in 3GPP2 networks.

The security properties of this mechanism have not been reviewed in
the IETF.  Conducting this review proved difficult because the
standards-track security mechanism for Mobile IPv6 is tightly
integrated into the protocol; extensions to Mobile IPv6 and the core
documents make assumptions about the properties of the security model
without explicitly stating what assumptions are being made.  There is
no documented service model.  Thus it is difficult to replace the
security mechanism and see if the current protocol and future
extensions meet appropriate security requirements both under the
original and new security mechanisms.  If a service model for Mobile
IPv6 security is ever formally defined and reviewed, a mechanism
similar to this one could be produced and fully reviewed.

Section 1.1 of this document provides an applicability statement for
this RFC.  The IESG recommends against the usage of this specification
outside of environments that meet the conditions of that applicability
statement.  In addition the IESG recommends those considering
deploying or implementing this specification conduct a sufficient
security review to meet the conditions of the environments in which
this RFC will be used.


_______________________________________________

IETF-Announce@ietf.org
https://www1.ietf.org/mailman/listinfo/ietf-announce

[Index of Archives]     [IETF]     [IETF Discussion]     [Linux Kernel]

  Powered by Linux