Authentication Protocol for Mobile IPv6
RFC 4285
Document | Type | RFC - Informational (January 2006; Errata) | |
---|---|---|---|
Authors | Alpesh Patel, Kent Leung, Haseeb Akhtar, Mohamed Khalil, Kuntal Chowdhury | ||
Last updated | 2015-10-14 | ||
Stream | Internet Engineering Task Force (IETF) | ||
Stream | WG state | (None) | |
Document shepherd | No shepherd assigned | ||
IESG | IESG state | RFC 4285 (Informational) | |
Action Holders | (None) | ||
Consensus Boilerplate | Unknown | ||
Telechat date | |||
Responsible AD | Margaret Cullen | ||
Send notices to | mkhalil@nortelnetworks.com |
Network Working Group
Request for Comments: 4285
Category: Informational

A. Patel, K. Leung (Cisco Systems)
M. Khalil, H. Akhtar (Nortel Networks)
K. Chowdhury (Starent Networks)
January 2006

Authentication Protocol for Mobile IPv6

Status of this Memo

This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (2006).

IESG Note

This RFC is not a candidate for any level of Internet Standard. RFC 3775 and 3776 define Mobile IPv6 and its security mechanism. This document presents an alternate security mechanism for Mobile IPv6 used in 3GPP2 networks.

The security properties of this mechanism have not been reviewed in the IETF. Conducting this review proved difficult because the standards-track security mechanism for Mobile IPv6 is tightly integrated into the protocol; extensions to Mobile IPv6 and the core documents make assumptions about the properties of the security model without explicitly stating what assumptions are being made. There is no documented service model. Thus it is difficult to replace the security mechanism and see if the current protocol and future extensions meet appropriate security requirements both under the original and new security mechanisms. If a service model for Mobile IPv6 security is ever formally defined and reviewed, a mechanism similar to this one could be produced and fully reviewed.

Section 1.1 of this document provides an applicability statement for this RFC. The IESG recommends against the usage of this specification outside of environments that meet the conditions of that applicability statement. In addition the IESG recommends those considering deploying or implementing this specification conduct a sufficient security review to meet the conditions of the environments in which this RFC will be used.

Abstract

IPsec is specified as the means of securing signaling messages between the Mobile Node and Home Agent for Mobile IPv6 (MIPv6). MIPv6 signaling messages that are secured include the Binding Updates and Acknowledgement messages used for managing the bindings between a Mobile Node and its Home Agent. This document proposes an alternate method for securing MIPv6 signaling messages between Mobile Nodes and Home Agents. The alternate method defined here consists of a MIPv6-specific mobility message authentication option that can be added to MIPv6 signaling messages.

Table of Contents

1. Introduction
   1.1. Applicability Statement
2. Overview
3. Terminology
   3.1. General Terms
4. Operational Flow
5. Mobility Message Authentication Option
   5.1. MN-HA Mobility Message Authentication Option
        5.1.1. Processing Considerations
   5.2. MN-AAA Mobility Message Authentication Option
        5.2.1. Processing Considerations
   5.3. Authentication Failure Detection at the Mobile Node
6. Mobility Message Replay Protection Option
7. Security Considerations
8. IANA Considerations
9. Acknowledgements
10. References
    10.1. Normative References
    10.2. Informative References
Appendix A. Rationale for mobility message replay protection option

1. Introduction

The base Mobile IPv6 specification [RFC3775] specifies the signaling