Thanks. This looks good. Some comments:
"We have chosen to require an encapsulation format for return
routability and payload packet protection which can only be
realized if the destination of the IPsec packets sent from the
home agent can be changed as the mobile node moves. One of the
main reasons for choosing such a format is that it removes the
overhead of twenty four bytes when a home address option or
routing header is added to the tunneled packet. Such an overhead
would not be significant for the protection of the return
routability packets, but would create an additional overhead if
IPsec is used to protect the tunneling of payload packets to the
home agent. This overhead may be significant for real-time
traffic. Given that the use of the shorter packet formats for
any traffic requires the existence of suitable APIs, we have
chosen to use the shorter packet formats also for the protection
"use" -> "require support for"
of the return routability packets. (Note that packet formats
and header ordering discussed in Section 3 must be supported,
but implementations may also support other formats. Some
implementations may therefore also support the protection of
payload packets using the home address as the gateway address.)
In order to support the care-of address as the gateway address
on the mobile node side, the home agent must act as if the
gateway address of a security association to the mobile node
would have changed upon movements. Implementations are free to
choose any particular method to make this change, such as using
an API to the IPsec implementation to change the parameters of
the security association, removing the security association and
installing a new one, or modification of the packet after it has
gone through IPsec processing. The only requirement is that
after registering a new binding at the home agent, the next
IPsec packets sent on this security association will be
addressed to the new care-of address."
One question that arises is how the MN and HA can use anything other than
the "mandatory to implement" encapsulation. For example, if an MN sends a
tunneled HOTI packet with SA=CoA and an HAO and the HA doesn't support it,
what happens? Presumably the HA sends an error message (which one?) and then
the MN MUST use the mandatory-to-implement encapsulation, no?
"Note that the difficulties with main mode and preshared secrets
in IKE version 1 are well known for dynamic addresses. With
static addresses, there has not been a problem. With Mobile
IPv6, however, the use of the care-of addresses to run IKE
towards the home agent presents a problem even when the home
address stays stable."
Might add "See Section 7 for details."
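To make the quoted requirement concrete (after a new binding, the next IPsec packets the HA sends on the SA go to the new care-of address) and to check the "twenty four bytes" figure, here is a small Python model. It is an added illustration, not code from the draft or from any IPsec implementation: the SADB layout, the binding-update hook, the addresses, the SPI and the per-field header sizes are all constructed for the example.

```python
"""Model of the home-agent (HA) side SA handling in the draft text quoted above.

Added illustration, not code from the draft or from any IPsec stack: the HA's
security association (SA) towards the mobile node (MN) has the MN's care-of
address (CoA) as its outer tunnel destination.  On a new binding the HA
re-points the SA so the next IPsec packet on it goes to the new CoA.  The last
two functions add up the 24-byte overhead of the alternative format, in which
the home address (HoA) is the gateway address and the CoA travels in a Home
Address Option (MN->HA) or a type 2 routing header (HA->MN).  Addresses, SPI
and header sizes below are constructed for the example.
"""
from dataclasses import dataclass, field

IPV6_ADDR_LEN = 16


@dataclass
class SecurityAssociation:
    spi: int
    home_address: str   # inner peer identity; stays stable while the MN moves
    tunnel_dst: str     # outer IPv6 destination: the MN's current care-of address
    seq: int = 0        # ESP sequence number, kept across the CoA change


@dataclass
class HomeAgent:
    sadb: dict = field(default_factory=dict)      # spi -> SecurityAssociation
    bindings: dict = field(default_factory=dict)  # home address -> care-of address

    def add_sa(self, spi, home_address, care_of_address):
        self.sadb[spi] = SecurityAssociation(spi, home_address, care_of_address)
        self.bindings[home_address] = care_of_address

    def process_binding_update(self, home_address, new_care_of_address):
        """Binding Update from the MN: update the binding cache and re-point
        every SA whose peer is this home address at the new CoA.  This models
        the "change the SA parameters through an API" option; removing and
        re-installing the SA would give the same observable result."""
        self.bindings[home_address] = new_care_of_address
        for sa in self.sadb.values():
            if sa.home_address == home_address:
                sa.tunnel_dst = new_care_of_address

    def send_tunneled(self, spi, payload):
        """Emit one tunnel-mode ESP packet on `spi` to the MN.
        Returns (outer destination, ESP sequence number, payload)."""
        sa = self.sadb[spi]
        sa.seq += 1
        return sa.tunnel_dst, sa.seq, payload


def home_address_option_overhead():
    """Bytes added by a Destination Options header carrying only a Home
    Address Option: 2 fixed bytes, PadN to reach the 8n+6 alignment the
    option requires, then type + length + 16-byte address."""
    fixed = 2
    padn = 4                       # PadN: type(1) + len(1) + 2 padding bytes
    hao = 1 + 1 + IPV6_ADDR_LEN
    total = fixed + padn + hao
    return -(-total // 8) * 8      # extension headers are multiples of 8 bytes


def type2_routing_header_overhead():
    """Type 2 routing header: next header, hdr ext len, routing type,
    segments left, 4 reserved bytes, one 16-byte address."""
    return 1 + 1 + 1 + 1 + 4 + IPV6_ADDR_LEN


def demo():
    """Walk an SA through one movement; returns the two packets sent."""
    ha = HomeAgent()
    ha.add_sa(spi=0x1000, home_address="2001:db8:ff::1",
              care_of_address="2001:db8:a::5")          # constructed addresses
    first = ha.send_tunneled(0x1000, b"HoT")             # before the move
    ha.process_binding_update("2001:db8:ff::1", "2001:db8:b::9")
    second = ha.send_tunneled(0x1000, b"HoT")            # after the new binding
    return first, second


if __name__ == "__main__":
    (d1, s1, _), (d2, s2, _) = demo()
    print(f"before move: outer dst {d1} seq {s1}; after move: outer dst {d2} seq {s2}")
    print("HAO overhead:", home_address_option_overhead(), "bytes;",
          "RH2 overhead:", type2_routing_header_overhead(), "bytes")
```

The model keeps the ESP sequence number across the CoA change, which is what the "change the SA parameters" and "modify the packet after IPsec processing" options in the draft give you; an implementation that removes and re-installs the SA would instead restart the counter, so the MN's anti-replay window has to be prepared for that. The two overhead functions both come to 24 bytes, matching the draft's figure for the HAO and type 2 routing header formats.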