Re: IPsec and Mobile IPv6

[Francis Dupont <Francis.Dupont@enst-bretagne.fr>]

 In your previous mail you wrote:

   I've revisited your classification:

       1A) [Already in IPsec specs]
           C1, C2, G, H, I, J, L1, L2, M, Q, R

       1B) [Already in Mobile IPv6 specs]
           A, E1, E2, E3, O

       2) [Fixes for Mobile IPv6]
          N, P

       3) [Fixes for IPsec in a Mobile IPv6 context]
          none

       4) [IPsec improvements for Mobile IPv6]
          B, F, K

       5) [Architectural long-term recommendations]
          Appendix B

       6) [Other stuffs]
          D, Appendix D

   Is there anything in the MIPv6 documents that you'd like to clarify
   in class 1?
   
=> I believe we should make the mobile VPN a subset of Mobile IPv6.
Mostly we have to relax the usage of tunnels between a CN and a MN,
in current specifications we have for the CN:
 - if the packet is not genuine (i.e., is forwarded):
   * nothing if the CN is not the HA
   * tunneling if the CN is the HA
 - lookup in the binding cache per CN address
   * nothing is no entry found, fallback to the previous case on the HA
   * routing header if a valid entry is found.
On a mobile VPN CNs have no BC and the SG takes the role of the HA but
it puts all packets in the tunnel, so I propose to relax the Mobile IPv6
rules in two ways:
 - tunneling may replace the routing header (this is useful for the
   mobile to mobile case too)
 - the only mandatory usage of a routing header is for signaling
   (i.e., for genuine packets with a mobile header).
For the MN, the obvious thing is to authorize tunneling in place of
the HAO for non-signaling traffic.

Regards

Francis.Dupont@enst-bretagne.fr