Transport Layer Security-based Mobile IPv6 Security Framework for Mobile Node to Home Agent Communication
draft-ietf-mext-mip6-tls-04
| The information below is for an old version of the document | |||
|---|---|---|---|
| Document | Type | Active Internet-Draft (mext WG) | |
| Last updated | 2012-03-12 | ||
| Replaces | draft-korhonen-mext-mip6-altsec | ||
| Stream | IETF | ||
| Intended RFC status | Experimental | ||
| Formats | plain text pdf html bibtex | ||
| Stream | WG state | WG Document | |
| Document shepherd | None | ||
| IESG | IESG state | IESG Evaluation::AD Followup | |
| Consensus Boilerplate | Unknown | ||
| Telechat date |
Needs a YES. |
||
| Responsible AD | Jari Arkko | ||
| IESG note | Basavaraj Patil (Basavaraj.Patil@nokia.com) is the document shepherd. | ||
| Send notices to | mext-chairs@tools.ietf.org, draft-ietf-mext-mip6-tls@tools.ietf.org, Basavaraj.Patil@nokia.com | ||
Mobility Extensions (MEXT) J. Korhonen, Ed.
Internet-Draft Nokia Siemens Networks
Intended status: Experimental B. Patil
Expires: September 13, 2012 Nokia
H. Tschofenig
Nokia Siemens Networks
D. Kroeselberg
Siemens
March 12, 2012
Transport Layer Security-based Mobile IPv6 Security Framework for Mobile
Node to Home Agent Communication
draft-ietf-mext-mip6-tls-04.txt
Abstract
Mobile IPv6 signaling between a mobile node and its home agent is
secured using IPsec. The security association between a mobile node
and the home agent is established using IKEv1 or IKEv2. The security
model specified for Mobile IPv6, which relies on IKE/IPsec, requires
interaction between the Mobile IPv6 protocol component and the IKE/
IPsec module of the IP stack. This document proposes an alternate
security framework for Mobile IPv6 and Dual-Stack Mobile IPv6, which
relies on Transport Layer Security for establishing keying material
and other bootstrapping parameters required to protect Mobile IPv6
signaling and data traffic between the mobile node and home agent.
Status of this Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on September 13, 2012.
Copyright Notice
Copyright (c) 2012 IETF Trust and the persons identified as the
Korhonen, et al. Expires September 13, 2012 [Page 1]
Internet-Draft TLS-based MIPv6 Security Framework March 2012
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4
2. Terminology and Abbreviations . . . . . . . . . . . . . . . . 5
3. Background . . . . . . . . . . . . . . . . . . . . . . . . . . 5
4. TLS-based Security Establishment . . . . . . . . . . . . . . . 6
4.1. Overview . . . . . . . . . . . . . . . . . . . . . . . . . 6
4.2. Architecture . . . . . . . . . . . . . . . . . . . . . . . 7
4.3. Security Association Management . . . . . . . . . . . . . 8
4.4. Bootstrapping of Additional Mobile IPv6 Parameters . . . . 10
4.5. Protecting Traffic Between Mobile Node and Home Agent . . 11
5. Mobile Node to Home Agent Controller Communication . . . . . . 11
5.1. Request-response Message Framing over TLS-tunnel . . . . . 11
5.2. Request-response Message Content Encoding . . . . . . . . 12
5.3. Request-Response Message Exchange . . . . . . . . . . . . 12
5.4. Home Agent Controller Discovery . . . . . . . . . . . . . 13
5.5. Generic Request-Response Parameters . . . . . . . . . . . 13
5.5.1. Mobile Node Identifier . . . . . . . . . . . . . . . . 13
5.5.2. Authentication Method . . . . . . . . . . . . . . . . 14
5.5.3. Extensible Authentication Protocol Payload . . . . . . 14
5.5.4. Status Code . . . . . . . . . . . . . . . . . . . . . 14
5.5.5. Message Authenticator . . . . . . . . . . . . . . . . 14
5.5.6. Retry After . . . . . . . . . . . . . . . . . . . . . 15
5.5.7. End of Message Content . . . . . . . . . . . . . . . . 15
5.5.8. Random Values . . . . . . . . . . . . . . . . . . . . 15
5.6. Security Association Configuration Parameters . . . . . . 15
5.6.1. Security Parameter Index . . . . . . . . . . . . . . . 16
5.6.2. MN-HA Shared Keys . . . . . . . . . . . . . . . . . . 16
Show full document text