Mobile IPv4 Challenge/Response Extensions (Revised)
RFC 4721

 
Document
  Type:         RFC - Proposed Standard (January 2007; Errata)
  Obsoletes:    RFC 3012
  Updates:      RFC 3344
  Last updated: 2013-03-02
  Replaces:     draft-ietf-mobileip-rfc3012bis
  Stream:       IETF
Stream
  WG state:          (None)
  Consensus:         Unknown
  Document shepherd: No shepherd assigned
IESG
  IESG state:        RFC 4721 (Proposed Standard)
  Telechat date:
  Responsible AD:    Margaret Wasserman
  Send notices to:   mip4-chairs@ietf.org


Network Working Group                                         C. Perkins
Request for Comments: 4721                         Nokia Research Center
Obsoletes: 3012                                               P. Calhoun
Updates: 3344                                        Cisco Systems, Inc.
Category: Standards Track                                    J. Bharatia
                                                         Nortel Networks
                                                            January 2007

          Mobile IPv4 Challenge/Response Extensions (Revised)

Status of This Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The IETF Trust (2007).

Abstract

   Mobile IP, as originally specified, defines an authentication
   extension (the Mobile-Foreign Authentication extension) by which a
   mobile node can authenticate itself to a foreign agent.
   Unfortunately, that extension does not provide the foreign agent any
   direct guarantee that the protocol is protected from replays and does
   not allow for the use of existing techniques (such as Challenge
   Handshake Authentication Protocol (CHAP)) for authenticating portable
   computer devices.

   In this specification, we define extensions for the Mobile IP Agent
   Advertisements and the Registration Request that allow a foreign
   agent to use a challenge/response mechanism to authenticate the
   mobile node.

   Furthermore, this document updates RFC 3344 by including a new
   authentication extension called the Mobile-Authentication,
   Authorization, and Accounting (AAA) Authentication extension.  This
   new extension is provided so that a mobile node can supply
   credentials for authorization, using commonly available AAA
   infrastructure elements.  This authorization-enabling extension MAY
   co-exist in the same Registration Request with authentication
   extensions defined for Mobile IP Registration by RFC 3344.  This
   document obsoletes RFC 3012.

Perkins, et al.             Standards Track                     [Page 1]
RFC 4721       Mobile IPv4 Challenge/Response Extensions    January 2007

Table of Contents

   1. Introduction ....................................................2
      1.1. Terminology ................................................3
   2. Mobile IP Agent Advertisement Challenge Extension ...............4
      2.1. Handling of Solicited Agent Advertisements .................4
   3. Operation .......................................................5
      3.1. Mobile Node Processing of Registration Requests ............5
      3.2. Foreign Agent Processing of Registration Requests ..........6
            3.2.1. Foreign Agent Algorithm for Tracking Used
                   Challenges .........................................8
      3.3. Foreign Agent Processing of Registration Replies ...........9
      3.4. Home Agent Processing of Challenge Extensions .............10
      3.5. Mobile Node Processing of Registration Replies ............11
   4. Mobile-Foreign Challenge Extension .............................11
   5. Generalized Mobile IP Authentication Extension .................12
   6. Mobile-AAA Authentication Subtype ..............................13
   7. Reserved SPIs for Mobile IP ....................................14
   8. SPIs for RADIUS AAA Servers ....................................14
   9. Configurable Parameters ........................................15
   10. Error Values ..................................................16
   11. IANA Considerations ...........................................16
   12. Security Considerations .......................................17
   13. Acknowledgements ..............................................18
   14. Normative References ..........................................18
   Appendix A. Changes since RFC 3012 ................................20
   Appendix B. Verification Infrastructure ...........................21
   Appendix C. Message Flow for FA Challenge Messaging with
               Mobile-AAA Extension ..................................22
   Appendix D. Message Flow for FA Challenge Messaging with
               MN-FA Authentication ..................................23
   Appendix E. Example Pseudo-code for Tracking Used Challenges ......24

1.  Introduction

   Mobile IP defines the Mobile-Foreign Authentication extension to
   allow a mobile node to authenticate itself to a foreign agent.  Such
   authentication mechanisms are mostly external to the principal