rossi kamal | 1 Aug 17:58 2008
Picon

mobile ipv6 routing optimization security

Hi

I want to know about mobile ipv6 routing optimization security....
Can anyone give me guidelines?I have read related rfcs,drafts & some papers.
In fact willing to work on its recent problems and solutions....So it
would be better if there is someone who can give me some
indication,,,So i can proceed right way

Thanks

Rossi
CSEDU
Vijay Devarapalli | 4 Aug 18:59 2008

Volunteering for the Nomcom

Folks,

Nomcom plays a very important role in the IETF process by appointing
folks to the IESG, IAB and IAOC. Please volunteer for the Nomcom. See
the following URL for more information about the Nomcom and volunteering
for the Nomcom.

https://datatracker.ietf.org/ann/nomcom/1617/

Vijay

Re: AAA-based Handover Keys

Vijay, is there any chance that FMIPv6 will ever see some deployment? 

Ciao
Hannes

>-----Original Message-----
>From: mipshop-bounces <at> ietf.org 
>[mailto:mipshop-bounces <at> ietf.org] On Behalf Of ext Vijay Devarapalli
>Sent: 30 July, 2008 20:49
>To: mipshop <at> ietf.org
>Subject: [Mipshop] AAA-based Handover Keys
>
>Hello Folks,
>
>We didn't get a chance to discuss the next steps on AAA-based 
>handover keys. We ran out of time. Here are some observations.
> 
>For progressing FMIPv6 to Proposed Standard, we have 
>standardized one mechanism based on SeND. I don't expect this 
>mechanism to be implemented by anyone. This could change if 
>SeND does get deployed, but that might take some time.
>
>There are some solutions available for AAA-based handover keys.
>
>- There is one draft from Alper that talks about deriving the 
>MN-AR key assuming that there is some sort of shared key 
>between the mobile node and the access router.
>- The second one is from Vidya that defines a new protocol 
>with message exchange between the mobile node, the access 
>router and the handover keying server (presumably on the AAA) 
(Continue reading)

Koodli, Rajeev | 13 Aug 20:49 2008

Re: AAA-based Handover Keys


Hello Hannes,

See: http://www.3gpp2.org/Public_html/IETF/IETF_Dependencies.cfm

The Fast Handovers for PMIPv6 is being used for eHRPD - LTE Interworking
and Network Evolution (3GPP2 documents X.P0057 and X.P0054
respectively).

Regards,

-Rajeev

> -----Original Message-----
> From: mipshop-bounces <at> ietf.org [mailto:mipshop-bounces <at> ietf.org] On
Behalf
> Of Tschofenig, Hannes (NSN - FI/Espoo)
> Sent: Wednesday, August 13, 2008 12:44 AM
> To: ext Vijay Devarapalli; mipshop <at> ietf.org
> Subject: Re: [Mipshop] AAA-based Handover Keys
> 
> Vijay, is there any chance that FMIPv6 will ever see some deployment?
> 
> Ciao
> Hannes
> 
> >-----Original Message-----
> >From: mipshop-bounces <at> ietf.org
> >[mailto:mipshop-bounces <at> ietf.org] On Behalf Of ext Vijay Devarapalli
> >Sent: 30 July, 2008 20:49
(Continue reading)

Hannes Tschofenig | 13 Aug 20:57 2008
Picon
Picon

Re: AAA-based Handover Keys

Thanks for the pointer.

So, what security mechanisms are they going to use? AAA based, SeND 
based or ???.

Koodli, Rajeev wrote:
> Hello Hannes,
>
> See: http://www.3gpp2.org/Public_html/IETF/IETF_Dependencies.cfm
>
> The Fast Handovers for PMIPv6 is being used for eHRPD - LTE Interworking
> and Network Evolution (3GPP2 documents X.P0057 and X.P0054
> respectively).
>
> Regards,
>
> -Rajeev
>
>
>   
>> -----Original Message-----
>> From: mipshop-bounces <at> ietf.org [mailto:mipshop-bounces <at> ietf.org] On
>>     
> Behalf
>   
>> Of Tschofenig, Hannes (NSN - FI/Espoo)
>> Sent: Wednesday, August 13, 2008 12:44 AM
>> To: ext Vijay Devarapalli; mipshop <at> ietf.org
>> Subject: Re: [Mipshop] AAA-based Handover Keys
>>
(Continue reading)

Vijay Devarapalli | 13 Aug 22:40 2008

Re: AAA-based Handover Keys

> Vijay, is there any chance that FMIPv6 will ever see some deployment? 

Hard to say.

The proxy version of FMIPv6 might see some deployment. But there is no
L3 signaling between the MN and the access router. So the proxy version
does not have to worry about MN-AR security. 

Vijay

> 
> Ciao
> Hannes
> 
> >-----Original Message-----
> >From: mipshop-bounces <at> ietf.org 
> >[mailto:mipshop-bounces <at> ietf.org] On Behalf Of ext Vijay Devarapalli
> >Sent: 30 July, 2008 20:49
> >To: mipshop <at> ietf.org
> >Subject: [Mipshop] AAA-based Handover Keys
> >
> >Hello Folks,
> >
> >We didn't get a chance to discuss the next steps on AAA-based 
> >handover keys. We ran out of time. Here are some observations.
> > 
> >For progressing FMIPv6 to Proposed Standard, we have 
> >standardized one mechanism based on SeND. I don't expect this 
> >mechanism to be implemented by anyone. This could change if 
> >SeND does get deployed, but that might take some time.
(Continue reading)

Re: AAA-based Handover Keys

Wouldn't FMIPv6 deployment depend a bit on MIPv6 deployment and that
again on IPv6 deployment. 

If someone would want to deploy a version with no end host impact
wouldn't they rather jump to PMIP? 

Ciao
Hannes

>-----Original Message-----
>From: ext Vijay Devarapalli [mailto:vijay <at> wichorus.com] 
>Sent: 13 August, 2008 23:41
>To: Tschofenig, Hannes (NSN - FI/Espoo); mipshop <at> ietf.org
>Subject: RE: [Mipshop] AAA-based Handover Keys
>
>> Vijay, is there any chance that FMIPv6 will ever see some 
>deployment? 
>
>Hard to say.
>
>The proxy version of FMIPv6 might see some deployment. But there is no
>L3 signaling between the MN and the access router. So the 
>proxy version does not have to worry about MN-AR security. 
>
>Vijay
>
>> 
>> Ciao
>> Hannes
>> 
(Continue reading)

li.chunqiang | 14 Aug 14:22 2008

Re: AAA-based Handover Keys

Hi all,

After successful access  authentication, the authentication server 
transports the Master Session Key(MSK) to the authenticator.  The underlying 
L3  protocol can uses the MSK to derive additional keys.  Generally, the 
MSK is used for bootstrapping the security associations for the  access link 
between the mobile node and the network.The access authentication is to 
authorize the Mobile Node to obtain  the access link's network services; and 
FMIPv6 denotes that MN still continues to use the network services provided 
by the previous link,  therefore, applied the access authentication key to 
protect the FMIPv6 signaling is reasonable.

***************************************************************************************
This e-mail and its attachments contain confidential information from 
HUAWEI, which is intended only for the person or entity whose address is 
listed above. Any use of the information contained herein in any way 
(including, but not limited to, total or partial disclosure, reproduction, 
or dissemination) by persons other than the intended recipient(s) is 
prohibited. If you receive this e-mail in error, please notify the sender by 
phone or email immediately and delete it!
*****************************************************************************************

----- Original Message ----- 
From: "Vijay Devarapalli" <vijay <at> wichorus.com>
To: <mipshop <at> ietf.org>
Sent: Thursday, July 31, 2008 1:49 AM
Subject: [Mipshop] AAA-based Handover Keys

> Hello Folks,
>
(Continue reading)

Vijay Devarapalli | 14 Aug 16:38 2008

Re: AAA-based Handover Keys

On 8/14/08 12:11 AM, "Tschofenig, Hannes (NSN - FI/Espoo)"
<hannes.tschofenig <at> nsn.com> wrote:

> Wouldn't FMIPv6 deployment depend a bit on MIPv6 deployment and that
> again on IPv6 deployment.

FMIPv6 can be used to optimize any IPv6 handover, not just MIPv6. For
example one could imagine FMIPv6 providing a fast handover for a MOBIKE
solution. You could have FMIPv6 signaling binding the old access IP address
to the new access IP address, and tunneling between the old access router
and the new access router. IPv6 deployment on the access will of course have
to happen first.

> If someone would want to deploy a version with no end host impact
> wouldn't they rather jump to PMIP?

Sure.

Vijay

> 
> Ciao
> Hannes
>  
> 
>> -----Original Message-----
>> From: ext Vijay Devarapalli [mailto:vijay <at> wichorus.com]
>> Sent: 13 August, 2008 23:41
>> To: Tschofenig, Hannes (NSN - FI/Espoo); mipshop <at> ietf.org
>> Subject: RE: [Mipshop] AAA-based Handover Keys
(Continue reading)

Hannes Tschofenig | 14 Aug 16:42 2008
Picon
Picon

Re: AAA-based Handover Keys

Are you suggesting anything specifically?

li.chunqiang <at> huawei.com wrote:
> Hi all,
>
> After successful access  authentication, the authentication server 
> transports the Master Session Key(MSK) to the authenticator.  The 
> underlying L3  protocol can uses the MSK to derive additional keys.  
> Generally, the MSK is used for bootstrapping the security associations 
> for the  access link between the mobile node and the network.The 
> access authentication is to authorize the Mobile Node to obtain  the 
> access link's network services; and FMIPv6 denotes that MN still 
> continues to use the network services provided by the previous link,  
> therefore, applied the access authentication key to protect the FMIPv6 
> signaling is reasonable.
>
>
>
> *************************************************************************************** 
>
> This e-mail and its attachments contain confidential information from 
> HUAWEI, which is intended only for the person or entity whose address 
> is listed above. Any use of the information contained herein in any 
> way (including, but not limited to, total or partial disclosure, 
> reproduction, or dissemination) by persons other than the intended 
> recipient(s) is prohibited. If you receive this e-mail in error, 
> please notify the sender by phone or email immediately and delete it!
> ***************************************************************************************** 
>
>
(Continue reading)


Gmane