
Re: IPsec and Mobile IPv6



Hi Francis,

 > The second version of my draft about IPsec and Mobile IPv6 is
 > available (name : draft-dupont-ipsec-mipv6-01.txt).

Your draft looks like a very useful analysis of various cases
regarding mobility and IPsec. But I still lack some practical
background information so that this work could be taken into account
in the relevant protocol descriptions. In particular, could you
classify your recommendations as

    1) Those that restate something which already is in the
       current protocol specifications (but perhaps not stated
       clearly enough).

    2) Those which fix something that would break MIPv6
       security. Draft draft-ietf-mobileip-ipv6-18.txt uses IPsec
       for a part of its security, namely for the HA - MN signaling.
       A more detailed description including SPD entries can be
       found from http://www.piuha.net/~jarkko/publications/mipv6/ipsec_usage.txt

    3) Those which fix something that would break IPsec
       when used for protecting regular payload traffic
       in the presence of MIPv6.

    4) Those that make IPsec work smoother, more efficiently, or
       with less configuration when used together with mobility
       or for the protection of mobility signaling.

    5) Architectural long-term recommendations.

    6) Something completely different.

In particular class 2 is interesting for completing the MIPv6 work,
as is class 3. From my initial understanding, your recommendations
can be classified as follows:

     1) A, C1, C2, E1, E2, E3, G, H, I, K, M, O, Q
     2) P [makes use of IKE for HA-MN security hard -- this is
        very interesting, thanks!]
     3) nothing?
     4) B, F [and I think we were disagreeing on the mip list whether
        these two are good goals], L1, L2, R
     5) nothing?
     6) D [of course!], J
     unclear: N

Is this correct? How do we go about fixing P, is your recommendation
the only way to handle that? Is there anything in the MIPv6 documents
that you'd like to clarify in class 1?

Jari