Authentication Protocol for Mobile IPv6
Draft of message to be sent after approval:
From: The IESG <email@example.com>
To: IETF-Announce <firstname.lastname@example.org>
Cc: Internet Architecture Board <email@example.com>, RFC Editor <firstname.lastname@example.org>, mip6 mailing list <email@example.com>, mip6 chair <firstname.lastname@example.org>
Subject: Document Action: 'Authentication Protocol for Mobile IPv6' to Informational RFC

The IESG has approved the following document:

- 'Authentication Protocol for Mobile IPv6' <draft-ietf-mip6-auth-protocol-08.txt> as an Informational RFC

This document is the product of the Mobility for IPv6 Working Group.

The IESG contact persons are Margaret Wasserman and Mark Townsley.

A URL of this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-mip6-auth-protocol-08.txt

Technical Summary

IPsec is specified as the sole means of securing all signaling messages between the Mobile Node and Home agent for Mobile IPv6 (see RFC 3775). Some deployments, and 3GPP2 in particular, desire a different model for securing signalling between the Mobile Node and Home Agent, one that more closely fits their existing Mobile IPv4 deployments. This document proposes an alternate method for securing the signaling messages, one based on defining a MIPv6-specific authentication extension.

Working Group Summary

This document certainly generated controversy within the WG. There were some who argued that this approach was not appropriate and that we should just stick with "use the IPsec-based approach as defined in RFC 3775". Others argued that we should listen to an important "customer" and that it was appropriate to put this document forward on standards track, since there were likely to be many implementations. In the end, most people recognized the need to be pragmatic in dealing with the input from 3GPP2, given that 3GPP2-based mobile IPv4 is the largest current deployment of MIPv4. In the end, the WG supported moving this work forward, but as an informational document rather than on the Standards Track.

Protocol Quality

This document has been reviewed for the IESG by Thomas Narten.

IESG Note

This RFC is not a candidate for any level of Internet Standard. RFC 3775 and 3776 define Mobile IPv6 and its security mechanism. This document presents an alternate security mechanism for Mobile IPv6 used in 3GPP2 networks.

The security properties of this mechanism have not been reviewed in the IETF. Conducting this review proved difficult because the standards-track security mechanism for Mobile IPv6 is tightly integrated into the protocol; extensions to Mobile IPv6 and the core documents make assumptions about the properties of the security model without explicitly stating what assumptions are being made. There is no documented service model. Thus it is difficult to replace the security mechanism and see if the current protocol and future extensions meet appropriate security requirements both under the original and new security mechanisms. If a service model for Mobile IPv6 security is ever formally defined and reviewed, a mechanism similar to this one could be produced and fully reviewed.

Section 1.1 of this document provides an applicability statement for this RFC. The IESG recommends against the usage of this specification outside of environments that meet the conditions of that applicability statement. In addition the IESG recommends those considering deploying or implementing this specification conduct a sufficient security review to meet the conditions of the environments in which this RFC will be used.