Distributing a Symmetric Fast Mobile IPv6 (FMIPv6) Handover Key Using SEcure Neighbor Discovery (SEND)
RFC 5269

Approval announcement
Draft of message to be sent after approval:

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: Internet Architecture Board <iab@iab.org>,
    RFC Editor <rfc-editor@rfc-editor.org>, 
    mipshop mailing list <mipshop@ietf.org>, 
    mipshop chair <mipshop-chairs@tools.ietf.org>
Subject: Protocol Action: 'Distributing a Symmetric Fast Mobile 
         IPv6 (FMIPv6) Handover Key Using SEcure Neighbor Discovery 
         (SEND)' to Proposed Standard 

The IESG has approved the following document:

- 'Distributing a Symmetric Fast Mobile IPv6 (FMIPv6) Handover Key Using 
   SEcure Neighbor Discovery (SEND) '
   <draft-ietf-mipshop-handover-key-04.txt> as a Proposed Standard

This document is the product of the Mobility for IP: Performance, 
Signaling and Handoff Optimization Working Group. 

The IESG contact persons are Jari Arkko and Mark Townsley.

A URL of this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-mipshop-handover-key-04.txt

Technical Summary
 
  Fast Mobile IPv6 requires that a Fast Binding Update is secured
  using a security association shared between an Access Router and a
  Mobile Node in order to avoid certain attacks. In this document, a
  method for provisioning a shared key from the Access Router to the
  Mobile Node is defined to protect this signaling. The key exchange
  messages are required to have SEND security; that is, the source
  address is a CGA and the messages are signed using the CGA private
  key of the sending node.

Working Group Summary

  This is a product of the MIPSHOP WG.

Document Quality

  There are no known implementations of the proposed protocol. The
  quality of the document is good.

  Jari Arkko has reviewed this specification for the IESG. The
  specification has also been reviewed by MDIR.

Note to RFC Editor
 
  Please make the following change:

  OLD:
     The AR MUST use the CGA constructed from its
     certified key as the source address for the PrRtAdv and include a
     SEND  CGA  Option  and  a  SEND  Signature  Option  with  the  SEND
     signature of the message.
  NEW:
     The AR MUST have a certificate suitable for a SEND-capable router,
     support SEND certificate discovery, and include a SEND  CGA
     Option  and  a  SEND  Signature  Option  in the PrRtAdv messages
     it sends. Similarly, the mobile nodes MUST be configured with
     one or more SEND trust anchors so that they can verify these
     messages.

  Also, please expand CGA (Cryptographically Generated
  Address) and MAC acronyms on the first occurence.

  The second author's affiliation and e-mail address should
  be changed to Rajeev.Koodli@nsn.com (Nokia Siemens Networks)