Re: [mobile-ip] Last Call: Mobility Support in IPv6 to Proposed Standard
Hello Pekka and thanks for your in-depth review!
Just a few quick comments below. For the rest, your e-mail has
been filed as issues 232 through . (I'm hoping that folks can
use an Subject line when discussing the individual items
so it's easier to track which issue we are discussing.)
* The special case NS hack is being discussed in another thread,
and that is filed as issue #218. I believe folks are
coming up with a potentially less hackish solution for this.
* The 160/128 bit entropy issue: I don't think entropy has been
a consideration in making the Kbm 20 bytes. Rather, where
Kbm is used (HMAC_SHA1) you can give a 20 byte input. RFC
2104 allows smaller lengths as well, but I'm not sure it
increases the security; it might even lower it. But yes,
the true entropy is what originally came into the system.
I still think we should not explicitly make the values
shorter. But did you want an explanation somewhere about
the implications of the size of the original inputs?
* Appliances that don't have config knobs: I agree.
* Route BAs via home agent: I think we need them to go
directly to the sender. Otherwise, after a movement,
it is very hard to see an error response. Or?
* Retransmissions and mandatory BAs -- I think you are
right, both A=1 and mandatory BA cases need to have
retransmission rules and state.
* DHAAD security considerations. I think we have discussed
this in the past.
* Movement detection DAD & old addresses. I think all addresses
have to be DADed per existing RFCs, if we have indeed
seen a movement.
Jari