
Re: [Mobopts] Reviews on draft-irtf-mobopts-ro-enhancements-01

From: Christian Vogt <chvogt(at)tm.uka.de>
Date: Mon Aug 01 2005 - 12:06:01 EDT

Hi Fan,

thanks for your comments on draft-irtf-mobopts-ro-enhancements-01.txt. There are some more outstanding modifications that we have yet to do, so your comments will be considered for the 02 version.

Below are some responses to your comments from my side.

 > 1. The paragraph at the end of page 19, "It should be
 > mentioned that ..." is very similar with the next paragraph.
 > Remove one?

Ooops, thanks for catching this. Yes, one paragraph should be enough. ;-)

 > 2. Is it better to list section 7.6 "Future Research" as a
 > separate section, e.g. section 8?

Actually, it could, yes. One of the objectives why this draft was written was to provide directions for future research. So the topic should be important enough to make it a dedicated section (unless people in the group feel otherwise).

 > 3. Security analysis does not distinguish between eavesdropper
 > and man_in_middle. There are situations where malicious node
 > can only eavesdrop rather than intercept the message, for
 > example, in the Internet exchange point, ISP router may not
 > select a malicious router as the next hop because of its policy
 > but the malicious router can still eavesdrop the data traffic.
 > MIP6 network is a little bit less secure than normal IPv6 network
 > because an eavesdropper can turn itself into a man in the middle.
 > This also brings out another topic: how to detect the attack
 > reliably and without interfering other optimization approaches.

There is certainly a difference between an eavesdropper and a man-in-the-middle. Yet, I'm not quite sure that I fully understand the rest of what you are saying, in particular because your attacker sits in the MN's network. Are you aware of the IPsec-protected tunnel between the MN and its HA through which the Home Keygen Token will be brought to the MN?

 > 4. Hash chain could be an alternative to home address test (or in
 > other words, authentication of identity). It should be listed in
 > section 6, Enhancements Toolbox.

See below.

 > 5. draft-zhao-mobopts-rr-ext-00 discusses about the security
 > and performance improvement. It should be added to the reference
 > section.

Your draft was somewhere in my stack anyway. It's on top of it, now. ;-)

Your draft also talks about hash chains, which is good. Jari and I also did something in that direction in
draft-arkko-mipv6-binding-lifetime-extension-00.txt.

Regards,
- Christian

-- 
Christian Vogt, Institute of Telematics, University of Karlsruhe
www.tm.uka.de/~chvogt/pubkey/



Fan Zhao wrote:

> Dear Christian and Dear Jari,
_______________________________________________
Mobopts mailing list
Mobopts@irtf.org
https://www1.ietf.org/mailman/listinfo/mobopts
Received on Mon Aug 1 12:07:57 2005

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 12:43:15 EDT

