Authentication Protocol for Mobile IPv6
RFC 4285

Network Working Group                                           A. Patel
Request for Comments: 4285                                      K. Leung
Category: Informational                                    Cisco Systems
                                                               M. Khalil
                                                               H. Akhtar
                                                         Nortel Networks
                                                            K. Chowdhury
                                                        Starent Networks
                                                            January 2006

                Authentication Protocol for Mobile IPv6

Status of this Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2006).

IESG Note

   This RFC is not a candidate for any level of Internet Standard.  RFC
   3775 and 3776 define Mobile IPv6 and its security mechanism.  This
   document presents an alternate security mechanism for Mobile IPv6
   used in 3GPP2 networks.

   The security properties of this mechanism have not been reviewed in
   the IETF.  Conducting this review proved difficult because the
   standards-track security mechanism for Mobile IPv6 is tightly
   integrated into the protocol; extensions to Mobile IPv6 and the core
   documents make assumptions about the properties of the security model
   without explicitly stating what assumptions are being made.  There is
   no documented service model.  Thus it is difficult to replace the
   security mechanism and see if the current protocol and future
   extensions meet appropriate security requirements both under the
   original and new security mechanisms.  If a service model for Mobile
   IPv6 security is ever formally defined and reviewed, a mechanism
   similar to this one could be produced and fully reviewed.

   Section 1.1 of this document provides an applicability statement for
   this RFC.  The IESG recommends against the usage of this
   specification outside of environments that meet the conditions of
   that applicability statement.  In addition the IESG recommends those
   considering deploying or implementing this specification conduct a
   sufficient security review to meet the conditions of the environments
   in which this RFC will be used.

Abstract

   IPsec is specified as the means of securing signaling messages
   between the Mobile Node and Home Agent for Mobile IPv6 (MIPv6).
   MIPv6 signaling messages that are secured include the Binding Updates
   and Acknowledgement messages used for managing the bindings between a
   Mobile Node and its Home Agent.  This document proposes an alternate
   method for securing MIPv6 signaling messages between Mobile Nodes and
   Home Agents.  The alternate method defined here consists of a
   MIPv6-specific mobility message authentication option that can be
   added to MIPv6 signaling messages.

Table of Contents

   1. Introduction
      1.1. Applicability Statement
   2. Overview
   3. Terminology
      3.1. General Terms
   4. Operational Flow
   5. Mobility Message Authentication Option
      5.1. MN-HA Mobility Message Authentication Option
           5.1.1. Processing Considerations
      5.2. MN-AAA Mobility Message Authentication Option
           5.2.1. Processing Considerations
      5.3. Authentication Failure Detection at the Mobile Node
   6. Mobility Message Replay Protection Option
   7. Security Considerations
   8. IANA Considerations
   9. Acknowledgements
   10. References
      10.1. Normative References
      10.2. Informative References
   Appendix A. Rationale for mobility message replay protection option
