Mobile IPv4 Challenge/Response Extensions (Revised)
RFC 4721

Approval announcement
Draft of message to be sent after approval:

From: The IESG <>
To: IETF-Announce <>
Cc: Internet Architecture Board <>,
    RFC Editor <>, 
    mip4 mailing list <>, 
    mip4 chair <>
Subject: Protocol Action: 'Mobile IPv4 Challenge/Response 
         Extensions (revised)' to Proposed Standard 

The IESG has approved the following document:

- 'Mobile IPv4 Challenge/Response Extensions (revised) '
   <draft-ietf-mip4-rfc3012bis-06.txt> as a Proposed Standard

This document is the product of the Mobility for IPv4 Working Group. 

The IESG contact persons are Margaret Wasserman and Mark Townsley.

A URL of this Internet-Draft is:

Technical Summary
   Mobile IP, as originally specified, defines an authentication
   extension (the Mobile-Foreign Authentication extension) by which a
   mobile node can authenticate itself to a foreign agent.
   Unfortunately, that extension does not provide the foreign agent any
   direct guarantee that the protocol is protected from replays, and
   does not allow for the use of existing techniques (such as CHAP) for
   authenticating portable computer devices.

   In this specification, we define extensions for the Mobile IP Agent
   Advertisements and the Registration Request that allow a foreign
   agent to use a challenge/response mechanism to authenticate the
   mobile node.

   Furthermore, this document updates RFC3344 by including new
   authentication extension called the Mobile-AAA Authentication
   extension.  This new extension is provided so that a mobile node can
   supply credentials for authorization using commonly available AAA
   infrastructure elements.  This Authorization-enabling extension MAY
   co-exist in the same Registration Request with Authentication
   extensions defined for Mobile IP Registration by RFC3344.  This
   document obsoletes RFC3012.
Working Group Summary
   This document was produced by the MIP4 WG.  The WG has consensus 
   to publish this document as a Proposed Standard.
Protocol Quality
   This document was reviewed for the IESG by Margaret Wasserman.  

Note to RFC Editor
Please replace all instances of "byte" with "octet".

Please modify the title page header to indicate that this document updates RFC
3344, and it obsoletes RFC 3012.

Please make the following change in section 5:


   1 Mobile-AAA Authentication subtype (see Section 6)


   1 Mobile-AAA Authentication subtype (HMAC-MD5)(see Section 6)

Please add the following paragraph to the end of the Security Consideratoins

The Generalized Mobile IP Authentication Extension includes a subtype field
that is used to identify characteristics of the particular authentication
strategy.  This document only defines one subtype, the Mobile-AAA Authenticationsubtype that uses HMAC-MD5.  If it is necessary to move to a new message
authentication algorithm in the future, this could be accomplished by defining anew subtype that uses a different one.