Proposal for Issue 15

A new SPI (HMAC_CHAP_SPI) is defined which will indicate usage of HMAC-MD5 instead of MD5 in the authenticator. Due to interoperability issue, it is essential that the usage of this new extension remain optional. The following changes are proposed:

Existing text

(section 3.1)

If the SPI value is chosen as CHAP_SPI (see section 9), then the mobile node specifies CHAP-style authentication [11] using MD5 [10].

(section 8)

where the Type, Length, SPI, and possibly Subtype, are the fields of the authentication extension in use. For instance, all four of these fields would be in use when SPI == CHAP_SPI is used with the Generalized Authentication extension.

(Section 9)

Parameter Name Default Value Section(s) of Document
CHALLENGE_WINDOW 2 3.2
CHAP_SPI 2 8

New text:

(Section 3.1)

If the SPI value is chosen as CHAP_SPI or HMAC_MD5 (see section 9), then the mobile node specifies CHAP-style authentication [11] using MD5 [10] or HMAC_MD5, respectively.

(Section 8)

where the Type, Length, SPI, and possibly Subtype, are the fields of the authentication extension in use. For instance, all four of these fields would be in use when SPI = (CHAP_SPI or HMAC_CHAP_SPI) is used with the Generalized Authentication extension.

However, SPI number HMAC_CHAP_SPI indicates the use of HMAC_MD5 instead of MD5 in the above procedure.

(Section 9)

Parameter Name Default Value Section(s) of Document
CHALLENGE_WINDOW 2 3.2
CHAP_SPI 2 8
HMAC_CHAP_SPI 3 8