RADIUS attribute space situation and WGs wanting to add attributes
The second question of the day for the AAA doctors.
We are currently rechartering MIP6 WG. A part of
their effort involves so-called bootstrapping support
which enables easy enrollment of mobile nodes to
the "mobility service". In practice this happens
by using the same credentials for both network
access purposes and for the MIPv6 - IKEv2 - EAP
authentication at the home agent.
The charter, currently in "IETF review" stage,
includes work on backend AAA for this. Diameter
work for this is already in progress in Dime
WG, but the charter includes corresponding
RADIUS work for the MIP6 WG.
I have two questions about this:
- What is the state of RADIUS attribute space?
Perhaps you can answer with one of the following
conclusions:
(1) Used up, no near-term possibility to rectify
the situation. Please don't charter any new
RADIUS work.
(2) Used up but a solution will appear. Feel free
to recharter, but don't put a milestone until
MM, YYYY.
(3) Go ahead, no problem.
- The prospect of providing two sets of attributes instead
of one is troubling, particularly if one set of attributes
could potentially suffice if those are allocated from
RADIUS space.
Thoughts?
I would appreciate resolving these issues
before the next IESG telechat September
28 so that we can approve the charter.
--Jari
-----------charter------------
Mobility for IPv6 (mip6)
Last Modified: 2006-09-07
Chair(s):
Basavaraj Patil <basavaraj.patil@nokia.com>
Gopal Dommety <gdommety@cisco.com>
Internet Area Director(s):
Jari Arkko <jari.arkko@piuha.net>
Mark Townsley <townsley@cisco.com>
Internet Area Advisor:
Jari Arkko <jari.arkko@piuha.net>
Mailing Lists:
General Discussion: mip6@ietf.org
To Subscribe: https://www.ietf.org/mailman/listinfo/mip6
Archive: http://www.ietf.org/mail-archive/web/mip6/index.html
Description of Working Group:
Mobile IPv6 (MIP6) specifies routing support which permits an IPv6
host to continue using its home address as it moves around the
Internet, enabling continuity of sessions. Mobile IPv6 supports
transparency above the IP layer, including maintenance of active
transport level sessions. The base specifications for Mobile IPv6
consist of:
o RFC 3775
o RFC 3776
The primary goal of the MIP6 working group will be to enhance base
IPv6 mobility by continuing work on developments that are required for
wide-scale deployments. Additionally the working group will ensure
that any issues identified by implementation and interoperability
experience are addressed, and that the base specifications are
maintained. The group will also produce informational documentation,
such as design rationale documents or description of specific issues
within the protocol.
Deployment considerations call for work to reduce per-mobile node
configuration and enrollment effort, solutions to enable dual-stack
operation, mechanisms to support high-availability home agents, and ways
to employ Mobile IPv6 in the presence of firewalls.
Work items related to base specification maintenance include:
- Create and maintain an issue list that is generated on the basis of
implementation and interoperability experience. Address specific
issues with specific updates or revisions of the base
specification. This work relates only to corrections and
clarifications. The working group shall not revisit design
decisions or change the protocol.
- Update RFC 3776 to specify the usage of IKEv2 for the establishment
of the IPsec SA between the MN and HA. This work also provides a
way for a mobile node to change its home address or employ multiple
home addresses as needed.
- Update the IANA considerations of RFC 3775 to allow extensions for
experimental purposes as well as passing of optional vendor-specific
information.
Work items related to large scale deployment include:
- Bootstrapping Mobile IPv6: A bootstrapping mechanism is intended to
be used when the device is turned on the very first time and
activates Mobile IPv6, or periodically such as when powering
on. The WG should investigate and define the scope before solving
the problem.
Work on the problem statement and the solutions needed for various
deployment scenarios. Work with other WGs such as DHC for defining
the options needed for bootstrapping.
- Capture the AAA requirements needed for bootstrapping and
deployment, and work with the Radext and DiME WGs on the solutions.
- A Solution for MIP6 session continuity for dual stack hosts which
attach to IPv4 access networks. Additionally provide a mechanism
for carrying IPv4 packets via the Home agent for MIP6 capable
dual-stack hosts. This work will be done in collaboration with the
NEMO WG.
- A protocol based solution for enhancing the reliability of home
agents and a method to force a host to switch home agents.
- A mechanism to force an MN to switch the HA that is currently
serving it. This is required in deployments where the HA may need
to be taken offline for maintenance.
- Work on solutions to deal with firewalls and the problems that
firewalls cause as identified in RFC 4487.
Work items related to informational documentation include:
- Produce a problem statement relating to location privacy and the
use of Mobile IPv6. Work with the IRTF MOBOPTS RG on developing the
solution.
- Produce a design rationale that documents the historical
thinking behind the introduction of an alternative security
mechanism, the Authentication Protocol (RFC 4285).
It should be noted that some of the features that are directly related
to Mobile IPv6 are being worked on in the MONAMI6, MIPSHOP, and NEMO
working groups. The specific extensions from these groups are out of
scope for the MIP6 working group. In particular, all optimizations are
out of scope. However, MIP6 may assist these groups when they use
features listed above and have requirements on them.
Milestones:
Sep 2006 Submit I-D 'Motivation for Authentication I-D' to IESG
for publication as Informational.
Sep 2006 Submit I-D 'Bootstrapping solution for Integrated Scenario'
to IESG for publication as a Proposed Standard.
Oct 2006 Submit I-D 'Mobility management for Dual stack mobile nodes:
A Problem Statement' to IESG for publication as Informational.
Oct 2006 Submit I-D 'Goals for AAA HA Interface' to IESG for
publication as Informational.
Oct 2006 Submit I-D 'Address Location Privacy and Mobile IPv6 Problem
Statement' to IESG for publication as Informational.
Nov 2006 Submit I-D 'Bootstrapping solution for split Scenario' to IESG
for publication as a Proposed Standard.
Nov 2006 Submit I-D 'DHCP Options for Home Information Discovery in
MIPv6' for publication as a proposed standard.
Dec 2006 Submit I-D 'Home agent reliability' to IESG for publication
as a Proposed Standard.
Dec 2006 Submit I-D 'Mobile IPv6 Dual-Stack Operation' to IESG for
publication as a Proposed Standard.
Dec 2006 Submit I-D 'Mobility Header Home Agent Switch Message' to
IESG for publication as a Proposed Standard.
Jan 2007 Submit I-D 'Mobile IPv6 Experimental Allocations' to IESG for
publication as a Proposed Standard.
Feb 2007 Submit the I-D 'RADIUS Mobile IPv6 Support' to IESG for
publication as a proposed standard.
Apr 2007 Submit I-D 'Mobile IPv6 Operation with Firewalls' to IESG
for publication as Informational.
May 2007 Submit I-D(s) related to specific updates and corrections
of RFC 3775 to IESG for publication as Proposed Standard.