Mobile IPv6 Location Privacy Solutions
RFC 5726

Note: This ballot was opened for revision 16 and is now closed.

(Jari Arkko) Yes

(Ron Bonica) No Objection

(Ross Callon) No Objection

(Ralph Droms) No Objection

(Lisa Dusseault) (was No Record, Discuss) No Objection

(Pasi Eronen) No Objection

Comment (2009-06-17 for -)
No email
send info
Couple of technical comments that are not relevant for the 
RFC 3932 check, but may be useful for the RFC Editor and/or
the authors:

- It looks like pseudo home addresses won't work as-is when IPsec is
used to protect Mobile IPv6 signalling (it looks like they assume
Mobile IPv6 part modifies the IPsec Security Policy Database
on-the-fly in some unspecified fashion).

- Pseudo home addresses also seems to introduce a rather big change to
Mobile IP: the home agent has to intercept and modify some
reverse-tunneled payload packets between the MN and CN (at least
HoTI). Currently, these are just normal payload traffic (since the
Home Agent is not listed in the "Destination Address" field, it just
forwards them without doing any processing). This seems like an ugly
layer violation: if the MN has a Mobile IPv6 signalling packet it
wants the HA to process somehow, it should put the HA in the
"Destination Address" field instead of relying the HA to perform
deep packet inspection and "intercept" them.

- Despite the claim in Section 11, most of this stuff probably doesn't
work DSMIPv6 because DSMIPv6 cannot use tunnel mode IPsec to protect 
binding updates to home agents (when using IPv4 CoA at least).

(Adrian Farrel) No Objection

(Russ Housley) No Objection

(Cullen Jennings) No Objection

(Tim Polk) (was Discuss, No Record, No Objection) No Objection

Comment (2009-07-02 for -)
No email
send info
(Moving to NoObj)

Section 5.1

If I understand correctly, the encrypted home address is generated by the mobile node
and accepted without re-computation by the home agent.  If this is correct, there is no way
to enforce use of a particular encryption algorithm (or even verify it was used...)  In this case,
the text describing AES as the "default" algorithm should be replaced with text recommending
the use of AES, and 8.1 in security considerations should get some text explaining why it
would be bad for the mobile node to select a weak algorithm.

If I am wrong, and the home agent (or any other participant) also computes the encrypted
home address we have a different problem.  To have crypto agility we need a mechanism
to communicate which symmetric algorithm is in use, and I didn't see any evidence of that
in the new messages/payloads.

Also in section 5.1, in the third message: should destination be "home agent" instead of
"home address"?

(Robert Sparks) No Objection