Technical Summary
Fast Mobile IPv6 requires that a Fast Binding Update is secured
using a security association shared between an Access Router and a
Mobile Node in order to avoid certain attacks. In this document, a
method for provisioning a shared key from the Access Router to the
Mobile Node is defined to protect this signaling. The key exchange
messages are required to have SEND security; that is, the source
address is a CGA and the messages are signed using the CGA private
key of the sending node.
Working Group Summary
This is a product of the MIPSHOP WG.
Document Quality
There are no known implementations of the proposed protocol. The
quality of the document is good.
Jari Arkko has reviewed this specification for the IESG. The
specification has also been reviewed by MDIR.
Note to RFC Editor
Please make the following change:
OLD:
The AR MUST use the CGA constructed from its
certified key as the source address for the PrRtAdv and include a
SEND CGA Option and a SEND Signature Option with the SEND
signature of the message.
NEW:
The AR MUST have a certificate suitable for a SEND-capable router,
support SEND certificate discovery, and include a SEND CGA
Option and a SEND Signature Option in the PrRtAdv messages
it sends. Similarly, the mobile nodes MUST be configured with
one or more SEND trust anchors so that they can verify these
messages.
Also, please expand the CGA (Cryptographically Generated
Address) and MAC acronyms on their first occurrence.
The second author's affiliation and e-mail address should
be changed to Rajeev.Koodli@nsn.com (Nokia Siemens Networks).