Secure Connectivity and Mobility Using Mobile IPv4 and IKEv2 Mobility and Multihoming (MOBIKE)
Note: This ballot was opened for revision 03 and is now closed.
(Jari Arkko) Yes
(Ron Bonica) No Objection
(Ross Callon) No Objection
(Brian Carpenter) No Objection
Comment (2007-02-02 for -)
Based on Gen-Art review by Miguel Garcia: Third header line should start Intended Status: Best Current Practice Section 2: the first and the last paragraphs in this section are the same. One of them should be deleted.
(Lisa Dusseault) No Objection
(Lars Eggert) No Objection
(Bill Fenner) No Objection
(Ted Hardie) No Objection
(Sam Hartman) (was Discuss, No Objection, Discuss) No Objection
(Russ Housley) (was Discuss) No Objection
From the SecDir Review by Eric Rescorla: Eric found Section 3 fairly hard to read because the diagram is so dense and all the different cases are run together. Eric suggests breaking out all the cases into separate diagrams with explanation for each. At minimum, each case should be labelled clearly and covered in a separate section in the accompanying text. Section 3.4.1 says: > > 1a. Initiate an IKE mobility exchange to update the VPN gateway with > the current address. If the new network is also untrusted, this > will be enough for setting up the connectivity. If the new > network is trusted, and if the VPN gateway is reachable, this > exchange will allow the mobile node to keep the VPN state alive > while on the trusted side. If the VPN gateway is not reachable > from inside, then this exchange will fail. > When should we expect this to fail? Section 3.4.1 also says: > > 2. If the mobile node receives a Registration Reply to the request > sent in step 2, then the current subnet is a trusted subnet, and > the mobile node can communicate without VPN tunneling. The mobile > node MAY tear down the VPN tunnel. > This should say "step 1b", right?
(Cullen Jennings) No Objection
(David Kessens) No Objection
(Chris Newman) No Objection
Carrying forward Ted's no objection position. I did not re-review the document.