Hi Ben, Please see inline. Regards, Ahmad > -----Original Message----- > From: Ben Campbell [mailto:ben@xxxxxxxxxxxx] > Subject: Re: [PART-I] Gen-ART LC and Telechat Review of > draft-ietf-mext-binding-revocation-10 > On Sep 1, 2009, at 3:35 PM, Ahmad Muhanna wrote: > > [...] > > >> > >> So is it true that using bulk revocation without IPSec > could make it > >> possible for an attacker to masquerade as an authorized party, and > >> delete large numbers of bindings with a single BRI? > > [Ahmad] > > Well, we need to be a little careful here:) I think what > you meant to > > say here is without any security mechanism. > > In particular, without an authentication mechanism. > > > So, If no valid SA is being used to protect the binding revocation > > signaling and, I assume, the MIP6/PMIP6 signaling, then a > lot of bad > > things could happen. > > Right, and those bad things seem at least slightly worse with > BRI than without it, due to the bulk revocation mechanism--so > additional mention seems appropriate. [Ahmad] Will try to address this in the new revision. Hopefully, this week. > > > > > > > >> Or there > >> underlying architectural features that prevent or make this hard? > > [Ahmad] > > I am not quite sure what you mean by the underlying architectural > > features in this context. But I can say the following: If > no security > > mechanism (SA) is being used, neither BU/BA nor BRI/BRA are > allowed to > > be used for establishing nor revoking mobility sessions. > > > > Hmm--maybe this is all some confusion on my part. Somewhere I > got the impression the requirement to use IPSec for BU > messages was SHOULD strength. But in rereading RFC3775, I see > it at MUST strength. But I am then confused by the language > in this draft that says "If IPSec is used..." > > So, to close on this--do you consider the _use_ of IPSec for > BRI to be a SHOULD or MUST? If it's a MUST, then I withdraw > my comments about "what happens if you don't use IPSec?", and > apologize for the confusion. [Ahmad] As you mentioned, RFC3775 mandates the use of IPsec to protect BU/BA between the MN and the HA. However, RFC5213, Proxy Mobile IPv6, mandates the implementation of IPsec on the MAG and LMA. So, as you see it is not straight forward:) On the other hand, I understand what you are trying to say. Let me work with the authors on this and will share the security related text before publishing. I am sure we can come up with a text that reasonably address your concern while staying within the wg consensus. > > > >> think just discussing that in the SecCon would go a long > way towards > >> addressing my concerns.) > > [Ahmad] > > I am in the process of rewriting the security section and the whole > > draft to address all comments. Will revaluate before publishing > > whether we need anything specific here. > > Okay. > > Thanks! > > Ben. > _______________________________________________ Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf