
Re: [mobile-ip] Last Call: Mobility Support in IPv6 to Proposed Standard



Hello Pekka and thanks for your in-depth review!

Just a few quick comments below. For the rest, your e-mail has
been filed as issues 232 through . (I'm hoping that folks can
use an Subject line when discussing the individual items
so it's easier to track which issue we are discussing.)

* The special case NS hack is being discussed in another thread,
  and that is filed as issue #218. I believe folks are
  coming up with a potentially less hackish solution for this.

* The 160/128 bit entropy issue: I don't think entropy has been
  a consideration in making the Kbm 20 bytes. Rather, where
  Kbm is used (HMAC_SHA1) you can give a 20 byte input. RFC
  2104 allows smaller lengths as well, but I'm not sure it
  increases the security; it might even lower it. But yes,
  the true entropy is what originally came into the system.
  I still think we should not explicitly make the values
  shorter. But did you want an explanation somewhere about
  the implications of the size of the original inputs?

* Appliances that don't have config knobs: I agree.

* Route BAs via home agent: I think we need them to go
  directly to the sender. Otherwise, after a movement,
  it is very hard to see an error response. Or?

* Retransmissions and mandatory BAs -- I think you are
  right, both the A=1 and the mandatory BA cases need to have
  retransmission rules and state.

* DHAAD security considerations. I think we have discussed
  this in the past.

* Movement detection DAD & old addresses. I think all addresses
  have to be DADed per existing RFCs, if we have indeed
  seen a movement.

Jari
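
An added illustration of the Kbm length point above (not part of the original message): the sketch assumes Kbm is the SHA-1 hash of two 64-bit keygen tokens, which the message does not spell out, and writes HMAC-SHA1 out per RFC 2104 to show how a 20-byte key and a truncated 16-byte key are handled. Token and message values are constructed.

```python
import hashlib
import hmac

BLOCK = 64  # SHA-1 block size in bytes (B in RFC 2104)


def derive_kbm(home_token: bytes, careof_token: bytes) -> bytes:
    """Assumed derivation: Kbm = SHA1(home token | care-of token), 20 bytes."""
    return hashlib.sha1(home_token + careof_token).digest()


def hmac_sha1_manual(key: bytes, msg: bytes) -> bytes:
    """HMAC-SHA1 spelled out per RFC 2104 to expose the key-length handling."""
    if len(key) > BLOCK:
        key = hashlib.sha1(key).digest()      # over-long keys are hashed first
    key = key.ljust(BLOCK, b"\x00")           # shorter keys are zero-padded to B
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = hashlib.sha1(ipad + msg).digest()
    return hashlib.sha1(opad + inner).digest()


def compare_key_lengths(home_token: bytes, careof_token: bytes, msg: bytes) -> dict:
    """Compare the MAC under the full 20-byte Kbm and under its first 16 bytes."""
    kbm = derive_kbm(home_token, careof_token)
    full = hmac_sha1_manual(kbm, msg)
    short = hmac_sha1_manual(kbm[:16], msg)
    return {
        "kbm_len": len(kbm),
        # Upper bound on Kbm's entropy: the bits that entered the hash.
        "input_bits": 8 * (len(home_token) + len(careof_token)),
        "full_mac": full,
        "short_mac": short,
        # Truncating is the same as pinning the last 4 key bytes to zero.
        "short_equals_zero_tail": short
        == hmac_sha1_manual(kbm[:16] + b"\x00" * 4, msg),
        "matches_stdlib": hmac.compare_digest(
            full, hmac.new(kbm, msg, hashlib.sha1).digest()
        ),
    }


# Constructed sample inputs (not real protocol data).
SAMPLE_HOME = bytes.fromhex("0011223344556677")
SAMPLE_CAREOF = bytes.fromhex("8899aabbccddeeff")
SAMPLE_MSG = b"constructed binding update bytes"

if __name__ == "__main__":
    for name, value in compare_key_lengths(SAMPLE_HOME, SAMPLE_CAREOF, SAMPLE_MSG).items():
        print(name, value.hex() if isinstance(value, bytes) else value)
```

The 20-byte Kbm here never carries more than the 128 bits fed into the hash, and a 16-byte key is processed as the same key with a zero tail, so the two lengths give different MACs and do not interoperate.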