Skip to main content

Secure Connectivity and Mobility Using Mobile IPv4 and IKEv2 Mobility and Multihoming (MOBIKE)
draft-ietf-mip4-mobike-connectivity-03

Revision differences

Document history

Date Rev. By Action
2012-08-22
03 (System) post-migration administrative database adjustment to the No Objection position for Tim Polk
2012-08-22
03 (System) post-migration administrative database adjustment to the No Objection position for Sam Hartman
2012-08-22
03 (System) post-migration administrative database adjustment to the No Objection position for Russ Housley
2008-02-27
03 Amy Vezza State Changes to RFC Ed Queue from Approved-announcement sent by Amy Vezza
2008-02-25
03 (System) IANA Action state changed to No IC from In Progress
2008-02-25
03 (System) IANA Action state changed to In Progress
2008-02-25
03 Amy Vezza IESG state changed to Approved-announcement sent
2008-02-25
03 Amy Vezza IESG has approved the document
2008-02-25
03 Amy Vezza Closed "Approve" ballot
2008-02-22
03 (System) Removed from agenda for telechat - 2008-02-21
2008-02-21
03 Cindy Morgan State Changes to Approved-announcement to be sent from IESG Evaluation::External Party by Cindy Morgan
2008-02-20
03 Lisa Dusseault [Ballot Position Update] New position, No Objection, has been recorded by Lisa Dusseault
2008-02-06
03 Amy Vezza [Ballot Position Update] Position for Sam Hartman has been changed to No Objection from Discuss by Amy Vezza
2008-02-05
03 Jari Arkko Put back to the agenda to resolve discusses
2008-02-05
03 Jari Arkko Placed on agenda for telechat - 2008-02-21 by Jari Arkko
2008-01-30
03 Tim Polk [Ballot Position Update] Position for Tim Polk has been changed to No Objection from Undefined by Tim Polk
2008-01-30
03 Tim Polk [Ballot Position Update] Position for Tim Polk has been changed to Undefined from Discuss by Tim Polk
2008-01-15
03 Jari Arkko State Changes to IESG Evaluation::External Party from AD Evaluation::External Party by Jari Arkko
2008-01-15
03 Jari Arkko mistake in the state change.
2008-01-15
03 Jari Arkko State Changes to AD Evaluation::External Party from IESG Evaluation::External Party by Jari Arkko
2008-01-15
03 Jari Arkko Waiting for a re-review from Sam and Tim.
2007-11-30
03 Jari Arkko State Changes to IESG Evaluation::External Party from IESG Evaluation::AD Followup by Jari Arkko
2007-11-30
03 Jari Arkko Waiting for the reference to progress.
2007-11-29
03 Amy Vezza State Changes to IESG Evaluation::AD Followup from IESG Evaluation by Amy Vezza
2007-11-29
03 David Ward [Ballot Position Update] New position, No Objection, has been recorded by David Ward
2007-11-29
03 Tim Polk
[Ballot discuss]
The security considerations points to mip4-vpn-problem-solution for a discussion of issues
that arise when an MN detects it is on a trusted network …
[Ballot discuss]
The security considerations points to mip4-vpn-problem-solution for a discussion of issues
that arise when an MN detects it is on a trusted network and drops th VPN tunnel, but I could
not find that discussion.
2007-11-29
03 Tim Polk [Ballot Position Update] New position, Discuss, has been recorded by Tim Polk
2007-11-29
03 Chris Newman [Ballot comment]
Carrying forward Ted's no objection position.  I did not re-review the
document.
2007-11-29
03 Chris Newman [Ballot Position Update] New position, No Objection, has been recorded by Chris Newman
2007-11-28
03 Sam Hartman [Ballot discuss]
The concerns on vpn-problem-solution network detection also apply to
this document; any solution should apply to both.
2007-11-28
03 Sam Hartman [Ballot Position Update] Position for Sam Hartman has been changed to Discuss from No Objection by Sam Hartman
2007-11-28
03 Ron Bonica [Ballot Position Update] New position, No Objection, has been recorded by Ron Bonica
2007-11-28
03 Cullen Jennings [Ballot Position Update] New position, No Objection, has been recorded by Cullen Jennings
2007-11-27
03 Russ Housley [Ballot Position Update] Position for Russ Housley has been changed to No Objection from Discuss by Russ Housley
2007-11-13
03 Jari Arkko
The other document is now on AD review. Have asked the IESG to look at this document again, now that the dependency is available for …
The other document is now on AD review. Have asked the IESG to look at this document again, now that the dependency is available for review.
2007-11-13
03 Jari Arkko State Changes to IESG Evaluation from IESG Evaluation::External Party by Jari Arkko
2007-11-13
03 Jari Arkko Placed on agenda for telechat - 2007-11-29 by Jari Arkko
2007-11-13
03 Jari Arkko [Note]: 'Document Shepherd is <pete.mccann@motorola.com>' added by Jari Arkko
2007-03-13
03 Sam Hartman [Ballot Position Update] Position for Sam Hartman has been changed to No Objection from Discuss by Sam Hartman
2007-03-06
03 Jari Arkko State Changes to IESG Evaluation::External Party from IESG Evaluation::AD Followup by Jari Arkko
2007-03-06
03 Jari Arkko [Note]: 'Document Shepherd is <pete.mccann@motorola.com>
WAITING UNTIL mip4-vpn-problem-solution IS ALSO ON THE IESG PLATE' added by Jari Arkko
2007-03-05
03 (System) Sub state has been changed to AD Follow up from New Id Needed
2007-03-05
03 (System) New version available: draft-ietf-mip4-mobike-connectivity-03.txt
2007-02-12
03 Samuel Weiler Request for Last Call review by SECDIR Completed. Reviewer: Eric Rescorla.
2007-02-08
03 (System) [Ballot Position Update] New position, No Objection, has been recorded for Mark Townsley by IESG Secretary
2007-02-08
03 (System) [Ballot Position Update] New position, No Objection, has been recorded for Bill Fenner by IESG Secretary
2007-02-08
03 Jari Arkko State Changes to IESG Evaluation::Revised ID Needed from IESG Evaluation by Jari Arkko
2007-02-08
03 Jari Arkko Needs to come back when vpn-solution is on the IESG agenda too. In the meantime authors should address the other issues raised in Ekr's review.
2007-02-08
03 Ross Callon [Ballot Position Update] New position, No Objection, has been recorded by Ross Callon
2007-02-08
03 Amy Vezza State Changes to IESG Evaluation from Waiting for AD Go-Ahead by Amy Vezza
2007-02-08
03 Sam Hartman
[Ballot discuss]
This is more of a question than a discuss.  If the authentication
option is used on registration is enough integrity protected that a …
[Ballot discuss]
This is more of a question than a discuss.  If the authentication
option is used on registration is enough integrity protected that a
fake registration reply cannot be created?

Also, please add text pointing out that the node must actually check
the authentication on the reply from the registration attempt before
deciding that it is n a trusted network.  I imagine an implementation
2007-02-08
03 Jon Peterson [Ballot Position Update] New position, No Objection, has been recorded by Jon Peterson
2007-02-08
03 Sam Hartman [Ballot Position Update] New position, Discuss, has been recorded by Sam Hartman
2007-02-08
03 David Kessens [Ballot Position Update] New position, No Objection, has been recorded by David Kessens
2007-02-07
03 Ted Hardie [Ballot Position Update] New position, No Objection, has been recorded by Ted Hardie
2007-02-06
03 (System) State has been changed to Waiting for AD Go-Ahead from In Last Call by system
2007-02-06
03 Dan Romascanu [Ballot Position Update] New position, No Objection, has been recorded by Dan Romascanu
2007-02-06
03 Russ Housley
[Ballot comment]
From the SecDir Review by Eric Rescorla:

  Eric found Section 3 fairly hard to read because the diagram is so
  dense …
[Ballot comment]
From the SecDir Review by Eric Rescorla:

  Eric found Section 3 fairly hard to read because the diagram is so
  dense and all the different cases are run together.  Eric suggests
  breaking out all the cases into separate diagrams with explanation
  for each.  At minimum, each case should be labelled clearly
  and covered in a separate section in the accompanying text.

  Section 3.4.1 says:
  >
  > 1a.  Initiate an IKE mobility exchange to update the VPN gateway with
  >    the current address.  If the new network is also untrusted, this
  >    will be enough for setting up the connectivity.  If the new
  >    network is trusted, and if the VPN gateway is reachable, this
  >    exchange will allow the mobile node to keep the VPN state alive
  >    while on the trusted side.  If the VPN gateway is not reachable
  >    from inside, then this exchange will fail.
  >
  When should we expect this to fail?

  Section 3.4.1 also says:
  >
  > 2. If the mobile node receives a Registration Reply to the request
  >    sent in step 2, then the current subnet is a trusted subnet, and
  >    the mobile node can communicate without VPN tunneling.  The mobile
  >    node MAY tear down the VPN tunnel.
  >
  This should say "step 1b", right?
2007-02-06
03 Russ Housley
[Ballot comment]
Eric found Section 3 fairly hard to read because the diagram is so
  dense and all the different cases are run together.  …
[Ballot comment]
Eric found Section 3 fairly hard to read because the diagram is so
  dense and all the different cases are run together.  Eric suggests
  breaking out all the cases into separate diagrams with explanation
  for each.  At minimum, each case should be labelled clearly
  and covered in a separate section in the accompanying text.

  Section 3.4.1 says:
  >
  > 1a.  Initiate an IKE mobility exchange to update the VPN gateway with
  >    the current address.  If the new network is also untrusted, this
  >    will be enough for setting up the connectivity.  If the new
  >    network is trusted, and if the VPN gateway is reachable, this
  >    exchange will allow the mobile node to keep the VPN state alive
  >    while on the trusted side.  If the VPN gateway is not reachable
  >    from inside, then this exchange will fail.
  >
  When should we expect this to fail?

  Section 3.4.1 also says:
  >
  > 2. If the mobile node receives a Registration Reply to the request
  >    sent in step 2, then the current subnet is a trusted subnet, and
  >    the mobile node can communicate without VPN tunneling.  The mobile
  >    node MAY tear down the VPN tunnel.
  >
  This should say "step 1b", right?
2007-02-06
03 Russ Housley
[Ballot discuss]
This document has a normative dependency on the expired draft
  draft-ietf-mip4-vpn-problem-solution-02.  I did not review the
  expired document, but it appears …
[Ballot discuss]
This document has a normative dependency on the expired draft
  draft-ietf-mip4-vpn-problem-solution-02.  I did not review the
  expired document, but it appears that the security mechanisms
  in this document depend on the security mechanisms in the
  expired document.  Further, Henrik Levkowetz indicates that he is
  preparing the Document Shepherd write-up of the expired draft, in
  order to submit a publication request.  He expects the authors to
  submit a new version of the expired document soon.  I think we
  should hold off on the approval of this document until we can see
  both documents together.
2007-02-06
03 Russ Housley [Ballot Position Update] New position, Discuss, has been recorded by Russ Housley
2007-02-05
03 Lars Eggert [Ballot Position Update] New position, No Objection, has been recorded by Lars Eggert
2007-02-05
03 Magnus Westerlund [Ballot Position Update] New position, No Objection, has been recorded by Magnus Westerlund
2007-02-02
03 Brian Carpenter [Ballot Position Update] New position, No Objection, has been recorded by Brian Carpenter
2007-02-02
03 Brian Carpenter
[Ballot comment]
Based on Gen-Art review by Miguel Garcia:

Third header line should start
  Intended Status: Best Current Practice

Section 2: the first and …
[Ballot comment]
Based on Gen-Art review by Miguel Garcia:

Third header line should start
  Intended Status: Best Current Practice

Section 2: the first and the last paragraphs in this section are the same. One of them should be deleted.
2007-02-01
03 Jari Arkko Placed on agenda for telechat - 2007-02-08 by Jari Arkko
2007-02-01
03 Jari Arkko [Ballot Position Update] New position, Yes, has been recorded for Jari Arkko
2007-02-01
03 Jari Arkko Ballot has been issued by Jari Arkko
2007-02-01
03 Jari Arkko Created "Approve" ballot
2007-02-01
03 Samuel Weiler Request for Last Call review by SECDIR is assigned to Eric Rescorla
2007-02-01
03 Samuel Weiler Request for Last Call review by SECDIR is assigned to Eric Rescorla
2007-01-31
03 Yoshiko Fong IANA Last Call Comment:

As stated in the IANA Considerations section, IANA understands
that there are no IANA Actions required upon approval of this
document.
2007-01-23
03 Amy Vezza Last call sent
2007-01-23
03 Amy Vezza State Changes to In Last Call from Last Call Requested by Amy Vezza
2007-01-23
03 Jari Arkko AD review revealed no issues.
2007-01-23
03 Jari Arkko State Changes to Last Call Requested from AD Evaluation by Jari Arkko
2007-01-23
03 Jari Arkko Last Call was requested by Jari Arkko
2007-01-23
03 (System) Ballot writeup text was added
2007-01-23
03 (System) Last call text was added
2007-01-23
03 (System) Ballot approval text was added
2007-01-23
03 Jari Arkko State Changes to AD Evaluation from Publication Requested by Jari Arkko
2007-01-22
03 Jari Arkko Intended Status has been changed to BCP from Proposed Standard
2007-01-22
03 Dinara Suleymanova
PROTO Write-up

> (1.a) Who is the Document Shepherd for this document? Has the
> Document Shepherd personally reviewed this version of the
> document …
PROTO Write-up

> (1.a) Who is the Document Shepherd for this document? Has the
> Document Shepherd personally reviewed this version of the
> document and, in particular, does he or she believe this
> version is ready for forwarding to the IESG for publication?

Pete McCann is the document shepherd. Yes, I have personally reviewed
the document and it is ready for publication.

> (1.b) Has the document had adequate review both from key WG
members
> and from key non-WG members? Does the Document Shepherd
have
> any concerns about the depth or breadth of the reviews that
> have been performed?

The document went through 2 working group last calls and substantive
comments were received each time. All comments have been addressed
in the latest version.

> (1.c) Does the Document Shepherd have concerns that the document
> needs more review from a particular or broader perspective,
> e.g., security, operational complexity, someone familiar
with
> AAA, internationalization or XML?

The document is authored by knowledgeable IPSec experts, but perhaps
it could benefit from a more official security area review. The topic
of the draft is directly related to security, but many of the security
concerns are similar to the earlier Mobile IP VPN traversal mechanism
described in draft-ietf-mip4-vpn-problem-solution-02.txt.

> (1.d) Does the Document Shepherd have any specific concerns or
> issues with this document that the Responsible Area Director
> and/or the IESG should be aware of? For example, perhaps he
> or she is uncomfortable with certain parts of the document,
or
> has concerns whether there really is a need for it. In any
> event, if the WG has discussed those issues and has
indicated
> that it still wishes to advance the document, detail those
> concerns here.

No concerns.

> (1.e) How solid is the WG consensus behind this document? Does it
> represent the strong concurrence of a few individuals, with
> others being silent, or does the WG as a whole understand
and
> agree with it?

The document received pretty broad review during the two working group
last calls.

> (1.f) Has anyone threatened an appeal or otherwise indicated
extreme
> discontent? If so, please summarise the areas of conflict
in
> separate email messages to the Responsible Area Director.
(It
> should be in a separate email because this questionnaire is
> entered into the ID Tracker.)

No, there are no pending disagreements about the document.

> (1.g) Has the Document Shepherd personally verified that the
> document satisfies all ID nits? (See
> http://www.ietf.org/ID-Checklist.html and
> http://tools.ietf.org/tools/idnits/). Boilerplate checks
are
> not enough; this check needs to be thorough. Has the
document
> met all formal review criteria it needs to, such as the MIB
> Doctor, media type and URI type reviews?

No serious nits were found, but the following should be noted:

The document uses RFC 3978 boilerplate instead of RFC 4748 boilerplate.

In section 2, the key words usage statement appears twice, once at the
beginning of the section and once at the end.

In section 3.2, 3rd line, there is a repeated "address" in the text:
The
mobile node always configures a care-of address address through DHCP
Also in section 3.2, the word "the" is repeated in the text:
all times at the home agent mapping the the home address to the

Section 3.4.1:
sent in step 2,
should be:
sent in step 1b,

> (1.h) Has the document split its references into normative and
> informative? Are there normative references to documents
that
> are not ready for advancement or are otherwise in an unclear
> state? If such normative references exist, what is the
> strategy for their completion? Are there normative
references
> that are downward references, as described in [RFC3967]? If
> so, list these downward references to support the Area
> Director in the Last Call procedure for them [RFC3967].

Yes, the references are split. There is a normative reference to
draft-ietf-mip4-vpn-problem-solution-02, which is still in progress
but expected to go to BCP. No downward normative references exist.

> (1.i) Has the Document Shepherd verified that the document IANA
> consideration section exists and is consistent with the body
> of the document? If the document specifies protocol
> extensions, are reservations requested in appropriate IANA
> registries? Are the IANA registries clearly identified? If
> the document creates a new registry, does it define the
> proposed initial contents of the registry and an allocation
> procedure for future registrations? Does it suggested a
> reasonable name for the new registry? See
> [I-D.narten-iana-considerations-rfc2434bis]. If the
document
> describes an Expert Review process has Shepherd conferred
with
> the Responsible Area Director so that the IESG can appoint
the
> needed Expert during the IESG Evaluation?

The document has no IANA actions required, and contains a section 6 IANA
Considerations which states this explicitly.

> (1.j) Has the Document Shepherd verified that sections of the
> document that are written in a formal language, such as XML
> code, BNF rules, MIB definitions, etc., validate correctly
in
> an automated checker?

There are no such formal language constructs used in the document.

> (1.k) The IESG approval announcement includes a Document
> Announcement Write-Up. Please provide such a Document
> Announcement Writeup? Recent examples can be found in the
> "Action" announcements for approved documents. The approval
> announcement contains the following sections:
>
> Technical Summary

This document describes the interaction of Mobile IPv4 and MOBIKE.
The focus is on providing access to an enterprise or operator private
network where the mobile node can connect either directly on trusted
links or through a VPN gateway from the untrusted Internet. The
document outlines various scenarios for the different arrangements of
VPN and Mobile IP tunnels, and recommends procedures for execution
upon detection of mobility events.

> Working Group Summary

This document is a product of the Mobile IPv4 working group. It
has gone through 2 working group last calls and is mature and
ready for publication.

> Document Quality

Document quality is good.

> Personnel
> Who is the Document Shepherd for this document? Who is
the
> Responsible Area Director?

Document shepherd: Pete McCann
Responsible AD: Jari Arkko
2007-01-22
03 Dinara Suleymanova [Note]: 'Document Shepherd is <pete.mccann@motorola.com>' added by Dinara Suleymanova
2007-01-22
03 Jari Arkko Draft Added by Jari Arkko in state Publication Requested
2007-01-22
03 Jari Arkko [Note]: 'Document Shepherd is ' added by Jari Arkko
2007-01-04
02 (System) New version available: draft-ietf-mip4-mobike-connectivity-02.txt
2006-06-14
01 (System) New version available: draft-ietf-mip4-mobike-connectivity-01.txt
2006-01-24
00 (System) New version available: draft-ietf-mip4-mobike-connectivity-00.txt