[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Internal WG Review: MIPv6 Signaling and Handoff Optimization (mipshop)

> > Additionally, there are new security issues that arise because of
> > the highly dynamic nature of the security relationships between, say,
> > a mobile node and its mobility anchor points, or--to an even greater
> > extreme--between a mobile node and its access routers in a fast handover
> > scenario. These new problems are not yet entirely understood and
> > may not be conclusively solved in the experimental and informational
> > protocol specifications produced by the working group. Nevertheless,
> > the working group will document the shortcomings in the corresponding
> > protocol specifications.  This will provide valuable feedback to other
> > groups or subsequent efforts.
>
> I believe the issues (wiretap, man in the middle, denial of service) are
> not new at all, and fairly well understood. We just don't know how to
solve
> them.
>

Agree.

> Suggested reformulation:
>
> "There are security issues that arise because of the highly dynamic nature
> of the security relationships between, say, a mobile node and its mobility
> anchor points, or - to an even greater extent - between a mobile node and
> its access routers in a fast handover scenario.
> The working group is not required to provide solutions to all these issues
> before publishing its experimental protocol specifications.
> The working group will document the security requirements and the
> shortcomings of the solutions in the corresponding protocol
specifications.
> This will provide valuable feedback to other groups or subsequent
efforts."
>
>

I don't believe that the security issues are any greater or less between a
mobile node and an anchor point or a mobile node and a router. If you
believe the argument that the routing fabric is the only thing you can
really trust (which is the basis of return routability), then, actually, the
router would be safer. The mobility anchor point is a middle box, and a
routing middle box at that. The security issues there are the standard ones
with middleboxes, as outlined in RFC 3238, in addition to those that arise
from mobility not dealt with in that RFC. I would remove the "to an even
greater extent". The only issue with FMIP is that nobody has done a
systematic examination of threats. The threats to the mobility anchor point
are similar enough to the home agent that they've been able to leverage the
analysis done for the base draft; however, there are a few additional issues
that arise around essentially dynamically assigning a local home agent that
have not been sufficiently analysed IMHO.

            jak