This draft addresses the interaction between DSMIPv6 and IKEv2, providing solutions for SA establishment and secure payload transmission. It emphasizes the optional use of Mobike and addresses tunnel SA changes. Security considerations have been updated with feedback from WG comments.
DSMIPv6 Update
draft-ietf-mip6-nemo-v4traversal-06
hesham@elevatemobile.com
Status
• Draft finished WG LC with comments.
• Most comments were editorial.
• Major issue about the interaction between DSMIPv6 and IKEv2.
• No consensus within the WG, therefore the security review resulted in the selection of a solution. No objections were raised after the security review.
• Selected approach: Use RFC 3498 for SA establishment and for sending secure payload. Use DSMIPv6 tunnel to send BU/BA as described in the draft.
• Assumption: UDP tunneling is NEVER used when the MN is in an IPv6-enabled network.
• The use of Mobike is optional.
• Issue addressed in the security considerations section in the draft after going through WG consensus.
Comments on the Security considerations section
• Comment from Karen: Update of local SA in the MN should only be done after the receipt of the BA.
• Comment from Karen: Mention that the type of tunnel SA may change from RFC 4301 type tunneling to RFC 3498 (depending on whether a NAT is in the path).
• Comment from Pasi: Mention that this NAT traversal solution has the same vulnerabilities as RFC 3519 and not UNSAF vulnerabilities (current draft mentions UNSAF).
• Comment from Pasi, George, Vijay: The MN SHOULD deregister its RO BCEs with CNs when it moves from an IPv6 network to an IPv4 network.
• Several editorial comments from George.
Next steps
• Send a new security considerations section to the list after updating it based on the comments. This should happen ASAP.
• Progress the draft to IESG?