Secure Connectivity and Mobility Using Mobile IPv4 and IKEv2 Mobility and Multihoming (MOBIKE)
draft-ietf-mip4-mobike-connectivity-03

[Ballot discuss]
The security considerations points to mip4-vpn-problem-solution for a discussion of issues
that arise when an MN detects it is on a trusted network and drops th VPN tunnel, but I could
not find that discussion.

The other document is now on AD review. Have asked the IESG to look at this document again, now that the dependency is available for review.

[Ballot discuss]
This is more of a question than a discuss.  If the authentication
option is used on registration is enough integrity protected that a
fake registration reply cannot be created?

Also, please add text pointing out that the node must actually check
the authentication on the reply from the registration attempt before
deciding that it is n a trusted network.  I imagine an implementation

[Ballot comment]
From the SecDir Review by Eric Rescorla:

  Eric found Section 3 fairly hard to read because the diagram is so
  dense and all the different cases are run together.  Eric suggests
  breaking out all the cases into separate diagrams with explanation
  for each.  At minimum, each case should be labelled clearly
  and covered in a separate section in the accompanying text.

  Section 3.4.1 says:
  >
  > 1a.  Initiate an IKE mobility exchange to update the VPN gateway with
  >    the current address.  If the new network is also untrusted, this
  >    will be enough for setting up the connectivity.  If the new
  >    network is trusted, and if the VPN gateway is reachable, this
  >    exchange will allow the mobile node to keep the VPN state alive
  >    while on the trusted side.  If the VPN gateway is not reachable
  >    from inside, then this exchange will fail.
  >
  When should we expect this to fail?

  Section 3.4.1 also says:
  >
  > 2. If the mobile node receives a Registration Reply to the request
  >    sent in step 2, then the current subnet is a trusted subnet, and
  >    the mobile node can communicate without VPN tunneling.  The mobile
  >    node MAY tear down the VPN tunnel.
  >
  This should say "step 1b", right?

[Ballot comment]
Eric found Section 3 fairly hard to read because the diagram is so
  dense and all the different cases are run together.  Eric suggests
  breaking out all the cases into separate diagrams with explanation
  for each.  At minimum, each case should be labelled clearly
  and covered in a separate section in the accompanying text.

  Section 3.4.1 says:
  >
  > 1a.  Initiate an IKE mobility exchange to update the VPN gateway with
  >    the current address.  If the new network is also untrusted, this
  >    will be enough for setting up the connectivity.  If the new
  >    network is trusted, and if the VPN gateway is reachable, this
  >    exchange will allow the mobile node to keep the VPN state alive
  >    while on the trusted side.  If the VPN gateway is not reachable
  >    from inside, then this exchange will fail.
  >
  When should we expect this to fail?

  Section 3.4.1 also says:
  >
  > 2. If the mobile node receives a Registration Reply to the request
  >    sent in step 2, then the current subnet is a trusted subnet, and
  >    the mobile node can communicate without VPN tunneling.  The mobile
  >    node MAY tear down the VPN tunnel.
  >
  This should say "step 1b", right?

[Ballot discuss]
This document has a normative dependency on the expired draft
  draft-ietf-mip4-vpn-problem-solution-02.  I did not review the
  expired document, but it appears that the security mechanisms
  in this document depend on the security mechanisms in the
  expired document.  Further, Henrik Levkowetz indicates that he is
  preparing the Document Shepherd write-up of the expired draft, in
  order to submit a publication request.  He expects the authors to
  submit a new version of the expired document soon.  I think we
  should hold off on the approval of this document until we can see
  both documents together.

[Ballot comment]
Based on Gen-Art review by Miguel Garcia:

Third header line should start
  Intended Status: Best Current Practice

Section 2: the first and the last paragraphs in this section are the same. One of them should be deleted.

PROTO Write-up

> (1.a) Who is the Document Shepherd for this document? Has the
> Document Shepherd personally reviewed this version of the
> document and, in particular, does he or she believe this
> version is ready for forwarding to the IESG for publication?

Pete McCann is the document shepherd. Yes, I have personally reviewed
the document and it is ready for publication.

> (1.b) Has the document had adequate review both from key WG
members
> and from key non-WG members? Does the Document Shepherd
have
> any concerns about the depth or breadth of the reviews that
> have been performed?

The document went through 2 working group last calls and substantive
comments were received each time. All comments have been addressed
in the latest version.

> (1.c) Does the Document Shepherd have concerns that the document
> needs more review from a particular or broader perspective,
> e.g., security, operational complexity, someone familiar
with
> AAA, internationalization or XML?

The document is authored by knowledgeable IPSec experts, but perhaps
it could benefit from a more official security area review. The topic
of the draft is directly related to security, but many of the security
concerns are similar to the earlier Mobile IP VPN traversal mechanism
described in draft-ietf-mip4-vpn-problem-solution-02.txt.

> (1.d) Does the Document Shepherd have any specific concerns or
> issues with this document that the Responsible Area Director
> and/or the IESG should be aware of? For example, perhaps he
> or she is uncomfortable with certain parts of the document,
or
> has concerns whether there really is a need for it. In any
> event, if the WG has discussed those issues and has
indicated
> that it still wishes to advance the document, detail those
> concerns here.

No concerns.

> (1.e) How solid is the WG consensus behind this document? Does it
> represent the strong concurrence of a few individuals, with
> others being silent, or does the WG as a whole understand
and
> agree with it?

The document received pretty broad review during the two working group
last calls.

> (1.f) Has anyone threatened an appeal or otherwise indicated
extreme
> discontent? If so, please summarise the areas of conflict
in
> separate email messages to the Responsible Area Director.
(It
> should be in a separate email because this questionnaire is
> entered into the ID Tracker.)

No, there are no pending disagreements about the document.

> (1.g) Has the Document Shepherd personally verified that the
> document satisfies all ID nits? (See
> http://www.ietf.org/ID-Checklist.html and
> http://tools.ietf.org/tools/idnits/). Boilerplate checks
are
> not enough; this check needs to be thorough. Has the
document
> met all formal review criteria it needs to, such as the MIB
> Doctor, media type and URI type reviews?

No serious nits were found, but the following should be noted:

The document uses RFC 3978 boilerplate instead of RFC 4748 boilerplate.

In section 2, the key words usage statement appears twice, once at the
beginning of the section and once at the end.

In section 3.2, 3rd line, there is a repeated "address" in the text:
The
mobile node always configures a care-of address address through DHCP
Also in section 3.2, the word "the" is repeated in the text:
all times at the home agent mapping the the home address to the

Section 3.4.1:
sent in step 2,
should be:
sent in step 1b,

> (1.h) Has the document split its references into normative and
> informative? Are there normative references to documents
that
> are not ready for advancement or are otherwise in an unclear
> state? If such normative references exist, what is the
> strategy for their completion? Are there normative
references
> that are downward references, as described in [RFC3967]? If
> so, list these downward references to support the Area
> Director in the Last Call procedure for them [RFC3967].

Yes, the references are split. There is a normative reference to
draft-ietf-mip4-vpn-problem-solution-02, which is still in progress
but expected to go to BCP. No downward normative references exist.

> (1.i) Has the Document Shepherd verified that the document IANA
> consideration section exists and is consistent with the body
> of the document? If the document specifies protocol
> extensions, are reservations requested in appropriate IANA
> registries? Are the IANA registries clearly identified? If
> the document creates a new registry, does it define the
> proposed initial contents of the registry and an allocation
> procedure for future registrations? Does it suggested a
> reasonable name for the new registry? See
> [I-D.narten-iana-considerations-rfc2434bis]. If the
document
> describes an Expert Review process has Shepherd conferred
with
> the Responsible Area Director so that the IESG can appoint
the
> needed Expert during the IESG Evaluation?

The document has no IANA actions required, and contains a section 6 IANA
Considerations which states this explicitly.

> (1.j) Has the Document Shepherd verified that sections of the
> document that are written in a formal language, such as XML
> code, BNF rules, MIB definitions, etc., validate correctly
in
> an automated checker?

There are no such formal language constructs used in the document.

> (1.k) The IESG approval announcement includes a Document
> Announcement Write-Up. Please provide such a Document
> Announcement Writeup? Recent examples can be found in the
> "Action" announcements for approved documents. The approval
> announcement contains the following sections:
>
> Technical Summary

This document describes the interaction of Mobile IPv4 and MOBIKE.
The focus is on providing access to an enterprise or operator private
network where the mobile node can connect either directly on trusted
links or through a VPN gateway from the untrusted Internet. The
document outlines various scenarios for the different arrangements of
VPN and Mobile IP tunnels, and recommends procedures for execution
upon detection of mobility events.

> Working Group Summary

This document is a product of the Mobile IPv4 working group. It
has gone through 2 working group last calls and is mature and
ready for publication.

> Document Quality

Document quality is good.

> Personnel
> Who is the Document Shepherd for this document? Who is
the
> Responsible Area Director?

Document shepherd: Pete McCann
Responsible AD: Jari Arkko