|
Hello, Jean-Michel,
Thank you so much for your comments.
We will address your comments and feedback
with a new version of the draft.
Merry Christmas, guys~
BR,
Zhiwei
2016-12-23
Z.W. Yan
发件人: Jean-Michel Combes
发送时间: 2016-12-20 02:35:54
收件人: int-dir@xxxxxxxx
抄送: draft-ietf-dmm-hnprenum.all;
ietf; dmm
主题: [DMM] Review of
draft-ietf-dmm-hnprenum-03
Reviewer: Jean-Michel Combes
Review result: Ready with Issues
Hi,
First, this is the first time I am trying this new tool for reviewers,
so, sorry if I am making process mistakes.
Please find the official text below:
<JMC>
I am an assigned INT directorate reviewer for
draft-ietf-dmm-hnprenum-03. These comments were written primarily for
the benefit of the Internet Area Directors. Document editors and
shepherd(s) should treat these comments just like they would treat
comments from any other IETF contributors and resolve them along with
any other Last Call comments that have been received. For more details
on the INT Directorate, see http://www.ietf.org/iesg/directorate.html.
Please, find my review below:
*** Section 1, p2 ***
"However, a widespread use of PI addresses may cause Border Gateway
Protocol (BGP) scaling problems."
Any Ref?
*** Section 7, p6 ***
"The protection of UPN and UPA messages in this document follows
[RFC5213] and [RFC7077]. This extension causes no further security
problem."
Sorry but, I must admit I don't agree:
[RFC5213] says:
"The Mobile IPv6 specification [RFC3775] requires the home agent to
prevent a mobile node from creating security associations or creating
binding cache entries for another mobile node's home address. In the
protocol described in this document, the mobile node is not involved
in creating security associations for protecting the signaling
messages or sending binding updates. Therefore, the local mobility
anchor MUST restrict the creation and manipulation of proxy bindings
to specifically authorized mobile access gateways and prefixes. The
local mobility anchor MUST be locally configurable to authorize such
specific combinations. Additional mechanisms, such as a policy store
or Authentication, Authorization, and Accounting (AAA) may be
employed, but these are outside the scope of this specification."
Based on the fact that an operator could set up internal check-ups
about the allowed HNP(s) for the MN, there could be strong
restrictions (e.g., not allowed roaming between operators) about the
mechanism described inside this document.
So, IMHO, additional text is needed regarding this point.
Best regards,
JMC.
</JMC>
_______________________________________________
dmm mailing list
dmm@xxxxxxxx
https://www.ietf.org/mailman/listinfo/dmm |