[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Internal WG Review: MIPv6 Signaling and Handoff Optimization (mipshop)

[removing iesg-secretary; apologies for not doing so earlier - there is no action for them to take]

--On 11. september 2003 14:10 -0700 James Kempf <kempf@docomolabs-usa.com> wrote:

Harald,

I believe this is more correctly phrased as "If the mobile node no longer
has link connectivity with the old subnet, any packets...."

The obvious, but not always practical, solution to the problem (keeping
both links during handover) is impliclity alluded to later, under
"FMIPv6" (link preconfiguration), but is not mentioned explicitly
anywhere.


"Not always practical" is the operative phrase here. I often hear this
solution proposed, unfortunately, to my knowledge, there is only one
wireless link protocol that supports multiple handover legs for IP today
(Flarion's OFDM protocol) and it is not a particularly big contender
commercially. In particular, the "soft handover" approaches of wCDMA and
cdma2000 don't work for this purpose, the handover legs are effectively
invisible at the IP layer.

as long as you do intra-technology handover, and the handover is done in a way that's visible to the link layer as a handover, that's true.

if (for instance) you do GSM-to-Bluetooth handovers, there's no link between the link layers. And if we say "this is obvious" long enough, some link layer designer might get the point.........

And of course the obvious common question: Where are the security
requirements going to be developed....?
(HMIPv6 introduces an obvious point for man-in-the-middle attacks, which
may not even have to be on-link, for instance. So it's not security
neutral....)


HMIPv6 has some security currently, not sure if it addresses your
particular concern since it's been a while since I looked at the
document. The security considerations in the current FMIPv6 draft are
rather weak, there are some approaches that have been discussed in the
WG, most utilize IPsec in rather cumbersome ways or depend on as-yet
incomplete solutions like AAA key exchange. Erik Nordmark mentioned the
possibility of deferring specific security solutions for FMIPv6 until and
unless the work went from Experimental to Proposed Standard, don't know
whether that's a still viable proposition, but I think it may be
difficult to come up with anything clean in the short time period during
which this WG is expected to exist.

actually the requirements doc is where I'd expect to see security become a hot issue, exactly because of the long history of pushing security issues under the carpet in this environment.
For the protocols, if the intent is to let the experimental protocols out in the field with security that's inadequate for production use, I think the charter should say that (even though I know there will be heated debate about it in the public review....).

If that's not the intent, I think that should be obvious from the charter too.

One of the intents of the WG is to get the work published as Experimental,
since it has been underway for 3 years now, then sort out integrating the
various bits of handover related technology that are being done in various
parts of IETF within the IP Mobility Research group in IRTF, filling in
holes where necessary and coming up with a clean, integrated handover
solution having strong security. That would then be a possible candidate
for PS.

I understand that. My worry is truth in advertising in the charter text, so that we avoid having this debate when the protocols are on the IESG's plate for final review, not so much (at this stage) what the final solution is.

Harald