Hello Kathleen,

You're right... sorry for the late reply to Hilary's concern. Please see our reply below.

Regards
Pierrick & Sri

there is one security issue that is mentioned in RFC5213 that is exacerbated by the current draft. I.e.,

   To address the threat related to a compromised mobile access gateway, the local mobility anchor, before accepting a Proxy Binding Update message for a given mobile node, may ensure that the mobile node is attached to the mobile access gateway that sent the Proxy Binding Update message.

The RFC has no recommendation for a solution, but because there are now multiple tunnels, this assurance may be more difficult to obtain.

>>> The use of multiple CoAs on the MAG has no relation to the MAG compromise threat: there are multiple tunnels between a MAG and its corresponding LMA, but a single link between the mobile node and the MAG. So, from the mobile node's perspective, there is no difference in comparison to RFC5213. The complexity of getting assurance that a mobile node is attached to the “right” MAG is thus exactly the same.

Is there any reason to worry about reuse of CoAs? Could packets from one tunnel get a CoA that was recently used by another tunnel, and could delayed packets get routed through the wrong tunnel? Just asking.

>> >> well, LMA creates a tunnel to a given CoA and adds a HoA route only after
>> >> a PBU/PBA exchange. In the rare scenario of a CoA getting moved between
>> >> MAGs, any packets in transit would have cleared, as a PBU/PBA
>> >> exchange needs to happen and that has sufficient time to eliminate the
>> >> possibilities related to reordering. So, not really a worry.

Sent from my cell phone, mind the typos.

-------- Original message --------
From: Kathleen Moriarty <[email protected]>
Date: 01/08/2017 22:13 (GMT+01:00)
To: The IESG <[email protected]>
Cc: [email protected], Jouni Korhonen <[email protected]>, [email protected], [email protected], [email protected]
Subject: Kathleen Moriarty's Discuss on draft-ietf-dmm-mag-multihoming-04: (with DISCUSS)

Kathleen Moriarty has entered the following ballot position for draft-ietf-dmm-mag-multihoming-04: Discuss

When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.)

Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions.

The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-dmm-mag-multihoming/

----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------

Thanks for your work on this draft. I had the same concern as the SecDir reviewer in reading the draft; the concern about leaking traffic as a result of multiple tunnels is not addressed in the security considerations section. Hilary's writeup is quite helpful: https://www.ietf.org/mail-archive/web/secdir/current/msg07446.html
