[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [mobile-ip] Last Call: Mobility Support in IPv6 to ProposedStandard

To: Jari Arkko <jari.arkko@kolumbus.fi>
Subject: Re: [mobile-ip] Last Call: Mobility Support in IPv6 to ProposedStandard
From: Pekka Savola <pekkas@netcore.fi>
Date: Sat, 25 Jan 2003 07:35:26 +0200 (EET)
Cc: mobile-ip@sunroof.eng.sun.com, <iesg@ietf.org>
In-reply-to: <3E31E26B.20504@kolumbus.fi>

Hello,

I've continued the commentary of these issues under specific threads (Cc:  
only mobile-ip).

Below just a few really brief summaries..

On Sat, 25 Jan 2003, Jari Arkko wrote:
> Hello Pekka and thanks for your in-depth review!
> 
> Just a few quick comments below. For the rest, your e-mail has
> been filed as issues 232 through . (I'm hoping that folks can
> use an Subject line when discussing the individual items
> so its easier to track which issue we are discussing.)
> 
> * The special case NS hack is being discussed in another thread,
>    and that is filed as an issue #218. I believe folks are
>    coming up with a potentially less hackish solution for this.

Good.
 
> * The 160/128 bit entropy issue: I don't think entropy has been
>    a consideration in making the Kbm 20 bytes. Rather, where
>    Kbm is used (HMAC_SHA1) you can give a 20 byte input. RFC
>    2104 allows smaller lengths as well, but I'm not sure it
>    increases the security; it might even lower it. But yes,
>    the true entropy is what originally came into the system.
>    I still think we should not explicitly make the values
>    shorter. But did you want an explanation somewhere about
>    the implications of the size of the original inputs?

In short: yes. :-)
 
> * Appliances that don't have config knobs: I agree.
> 
> * Route BAs via home agent: I think we need them to go
>    directly to the sender. Otherwise, after a movement,
>    it is very hard to see an error response. Or?

HA should always have the up-to-date location.  This seems like an issue 
only if network latency of MN->HA is greater than MN->CN->HA.
 
> * Retransmissions and mandatory BAs -- I think you are
>    right, both A=1 and mandatory BA case needs to have
>    retransmission rules and state.

Ok.
 
> * DHAAD security considerations. I think we have discussed
>    this in the past.

I hope some of that would have ended up in sec cons then ;-).
 
> * Movement detection DAD & old addresses. I think all addresses
>    have to be DADed per existing RFCs, if we have indeed
>    seen a movement.

Perhaps not all -- globals are supposed to be globals and perhaps DAD for
them is a bit of a cornercase.

-- 
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings

References:
- Re: [mobile-ip] Last Call: Mobility Support in IPv6 to Proposed Standard
  - From: Jari Arkko <jari.arkko@kolumbus.fi>

Prev by Date: Re: Draft Minutes for the January 23, 2003 Telechat
Next by Date: Re: Draft Minutes for the January 23, 2003 Telechat
Previous by thread: Re: [mobile-ip] Last Call: Mobility Support in IPv6 to Proposed Standard
Next by thread: Re: [mobile-ip] Last Call: Mobility Support in IPv6 to ProposedStandard
Index(es):
- Date
- Thread