In your previous mail you wrote:

About section 2 on Correspondent Nodes; could you elaborate in the document why exactly the solution is too drastic?

=> because this gives no choice between bidirectional tunnel and route optimization, so in some cases mobile IPv6 becomes far less attractive. The real impact depends on how mobile IPv6 is used, in fact one can argue that bidirectional tunnels are enough, but I don't believe that mobile-ip list members will agree...

Note that BCE check is not the only way to ensure legitimacy of HAO: if it's secured by AH, it's ok; if some SUCV/.. weak authentication method is used, it's probably also ok; the same might even apply to return routability. It's too early to crush CN solutions.

=> these CN solutions have the same cost as full routing optimization, so I consider them as BCE check variants.

(I think the solution for HAO should most likely consist of two separate, "strong-enough" layers, one mandated at CN, one possible at firewalls, but that's not the topic of this draft).

=> one mandated at CN == no third choice.

Note: it seems every site, even if it had only a few MN's, will have to have AAA infrastructure, so that it could interact, certify etc. home address use for remote AAA systems when MN goes roaming and there's a need to punch a hole in ingress filtering of remote sites.

=> I don't know if the "remote sites" are home sites (sites with home agents) or correspondent sites (sites with correspondent nodes). In the last case the only issue is the iDDoS because both care-of and home addresses are external. In the first case one can rely on home registrations (which have to be strongly secured) in order to understand what happens (and what HAO are valid), in fact this is just remote network access control (in AAA terms this can be done directly (IKE with certificate for instance) or (better because simpler) using the local/visited AAA system as a mediator, note the issue is for first home registrations because they have to create security contexts).

(If this is the approach for security, it should be required in the main MIPv6 draft).

=> I disagree, the iDDoS security threat is not a major one because ingress filtering is not really mandatory. The purpose of my draft is not to fill the hole, it is to get back the previous (i.e. before HAO) situation. Or have I missed something?

This seems unnecessary in many environments, e.g. university campus area WLAN or company's internal network.

=> this depends on where the visited, home and correspondent domains are. For a university campus area WLAN home agents are in campus area too so a bidirectional tunnel with a good local security seems enough (i.e. visited domain = home domain with home agents in the path between MNs and CNs). In a company internal network all three domains are the same so there are no security problems as soon as basic security (i.e. no physical intruders) is enforced.

Regards

[EMAIL PROTECTED]
