hi,
Jari Arkko wrote: > > > "basic functionality of a CN" has not been defined explicitly, IMO. > > Yes. Thanks for pointing this out. We should clarify the issue in the draft. > The intention was to say that Home Address Option processing is > mandatory on all nodes, while Route Optimization functionality is not > (mipv6 draft -15 says: "Mobile IPv6 defines four new IPv6 destination > options, including one that MUST be supported in packets received by > any node, whether mobile or stationary."). > > > The requirement that Home Address Option MUST be processed is nothing new; > > it's a requirement for every IPv6 node as currently being specified. > > Right, and this was what we've stated in earlier versions of the draft. A > note was, however, added to the latest version of our draft to indicate > that the Mobile IP WG is presently discussing what to do with the Home > Address Option and whether there are security issues in that as well > (as there were other security issues in the Binding Update Option). The above sentence needs to be put in a certain perspective. I think it is wrong it say the Mobile IP WG is wholeheartedly discussing this issue. It is more like that this issue has been forced upon the Mobile IP WG (like certain other security issues it was never meant to solve). And most people (who worked on Mobile IPv6 implementations for years) dont take part in these discussions either. We implementors (I can speak for a few people) were quite happy with Home address option, BU option and IPSec (we made it work with Mobile IPv6), until things started going wrong from December 2000 IETF onwards. regards Vijay > But frankly - as someone who wants to deploy zillions of these > devices soon - we are somewhat unsure how to proceed regarding > this issue. Since I know you Pekka were involved in the Home Address > Option discussion, perhaps you could comment on where do you think > the WG goes? Will it disallow the option unless accompanied by a > Binding Cache Entry established securely earlier? Will it throw away > the option and start to use tunneling? Or decide that there is no > security issue? Or perhaps we can't yet say for sure? > > Jari > > -------------------------------------------------------------------- > IETF IPng Working Group Mailing List > IPng Home Page: http://playground.sun.com/ipng > FTP archive: ftp://playground.sun.com/pub/ipng > Direct all administrative requests to [EMAIL PROTECTED] > -------------------------------------------------------------------- -------------------------------------------------------------------- IETF IPng Working Group Mailing List IPng Home Page: http://playground.sun.com/ipng FTP archive: ftp://playground.sun.com/pub/ipng Direct all administrative requests to [EMAIL PROTECTED] --------------------------------------------------------------------
