Mobile IPv4 Challenge/Response Extensions (Revised)
Draft of message to be sent after approval:
From: The IESG <email@example.com>
To: IETF-Announce <firstname.lastname@example.org>
Cc: Internet Architecture Board <email@example.com>, RFC Editor <firstname.lastname@example.org>, mip4 mailing list <email@example.com>, mip4 chair <firstname.lastname@example.org>
Subject: Protocol Action: 'Mobile IPv4 Challenge/Response Extensions (revised)' to Proposed Standard

The IESG has approved the following document:

- 'Mobile IPv4 Challenge/Response Extensions (revised)' <draft-ietf-mip4-rfc3012bis-06.txt> as a Proposed Standard

This document is the product of the Mobility for IPv4 Working Group.

The IESG contact persons are Margaret Wasserman and Mark Townsley.

A URL of this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-ietf-mip4-rfc3012bis-06.txt

Technical Summary

Mobile IP, as originally specified, defines an authentication extension (the Mobile-Foreign Authentication extension) by which a mobile node can authenticate itself to a foreign agent. Unfortunately, that extension does not provide the foreign agent any direct guarantee that the protocol is protected from replays, and does not allow for the use of existing techniques (such as CHAP) for authenticating portable computer devices. In this specification, we define extensions for the Mobile IP Agent Advertisements and the Registration Request that allow a foreign agent to use a challenge/response mechanism to authenticate the mobile node.

Furthermore, this document updates RFC3344 by including a new authentication extension called the Mobile-AAA Authentication extension. This new extension is provided so that a mobile node can supply credentials for authorization using commonly available AAA infrastructure elements. This Authorization-enabling extension MAY co-exist in the same Registration Request with Authentication extensions defined for Mobile IP Registration by RFC3344. This document obsoletes RFC3012.

Working Group Summary

This document was produced by the MIP4 WG. The WG has consensus to publish this document as a Proposed Standard.

Protocol Quality

This document was reviewed for the IESG by Margaret Wasserman.

Note to RFC Editor

Please replace all instances of "byte" with "octet".

Please modify the title page header to indicate that this document updates RFC 3344, and it obsoletes RFC 3012.

Please make the following change in section 5:

OLD:
1 Mobile-AAA Authentication subtype (see Section 6)

NEW:
1 Mobile-AAA Authentication subtype (HMAC-MD5)(see Section 6)

Please add the following paragraph to the end of the Security Considerations section:

The Generalized Mobile IP Authentication Extension includes a subtype field that is used to identify characteristics of the particular authentication strategy. This document only defines one subtype, the Mobile-AAA Authentication subtype that uses HMAC-MD5. If it is necessary to move to a new message authentication algorithm in the future, this could be accomplished by defining a new subtype that uses a different one.