I think we've got closure on all Part I issues, pending the actual
text :-)
Thanks!
Ben.
On Sep 2, 2009, at 1:12 AM, Ahmad Muhanna wrote:
Hi Ben,
Please see inline.
Regards,
Ahmad
-----Original Message-----
From: Ben Campbell [mailto:ben@xxxxxxxxxxxx]
Subject: Re: [PART-I] Gen-ART LC and Telechat Review of
draft-ietf-mext-binding-revocation-10
On Sep 1, 2009, at 3:35 PM, Ahmad Muhanna wrote:
[...]
So is it true that using bulk revocation without IPSec
could make it
possible for an attacker to masquerade as an authorized party, and
delete large numbers of bindings with a single BRI?
[Ahmad]
Well, we need to be a little careful here:) I think what
you meant to
say here is without any security mechanism.
In particular, without an authentication mechanism.
So, If no valid SA is being used to protect the binding revocation
signaling and, I assume, the MIP6/PMIP6 signaling, then a
lot of bad
things could happen.
Right, and those bad things seem at least slightly worse with
BRI than without it, due to the bulk revocation mechanism--so
additional mention seems appropriate.
[Ahmad]
Will try to address this in the new revision. Hopefully, this week.
Or there
underlying architectural features that prevent or make this hard?
[Ahmad]
I am not quite sure what you mean by the underlying architectural
features in this context. But I can say the following: If
no security
mechanism (SA) is being used, neither BU/BA nor BRI/BRA are
allowed to
be used for establishing nor revoking mobility sessions.
Hmm--maybe this is all some confusion on my part. Somewhere I
got the impression the requirement to use IPSec for BU
messages was SHOULD strength. But in rereading RFC3775, I see
it at MUST strength. But I am then confused by the language
in this draft that says "If IPSec is used..."
So, to close on this--do you consider the _use_ of IPSec for
BRI to be a SHOULD or MUST? If it's a MUST, then I withdraw
my comments about "what happens if you don't use IPSec?", and
apologize for the confusion.
[Ahmad]
As you mentioned, RFC3775 mandates the use of IPsec to protect BU/BA
between the MN and the HA. However, RFC5213, Proxy Mobile IPv6,
mandates
the implementation of IPsec on the MAG and LMA. So, as you see it is
not
straight forward:) On the other hand, I understand what you are trying
to say. Let me work with the authors on this and will share the
security
related text before publishing. I am sure we can come up with a text
that reasonably address your concern while staying within the wg
consensus.
think just discussing that in the SecCon would go a long
way towards
addressing my concerns.)
[Ahmad]
I am in the process of rewriting the security section and the whole
draft to address all comments. Will revaluate before publishing
whether we need anything specific here.
Okay.
Thanks!
Ben.
_______________________________________________
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf