Mobile IPv6 Security Framework Using Transport Layer Security for Communication between the Mobile Node and Home Agent
Draft of message to be sent after approval:
From: The IESG <firstname.lastname@example.org>
To: IETF-Announce <email@example.com>
Cc: RFC Editor <firstname.lastname@example.org>, mext mailing list <email@example.com>, mext chair <firstname.lastname@example.org>
Subject: Document Action: 'Transport Layer Security-based Mobile IPv6 Security Framework for Mobile Node to Home Agent Communication' to Experimental RFC (draft-ietf-mext-mip6-tls-05.txt)

The IESG has approved the following document:
- 'Transport Layer Security-based Mobile IPv6 Security Framework for Mobile Node to Home Agent Communication' (draft-ietf-mext-mip6-tls-05.txt) as an Experimental RFC

This document is the product of the Mobility EXTensions for IPv6 Working Group.

The IESG contact persons are Jari Arkko and Ralph Droms.

A URL of this Internet Draft is:
http://datatracker.ietf.org/doc/draft-ietf-mext-mip6-tls/

Technical Summary

Mobile IPv6 signaling between a mobile node and its home agent is secured using IPsec. The security association between a mobile node and the home agent is established using IKEv1 or IKEv2. The security model specified for Mobile IPv6, which relies on IKE/IPsec, requires interaction between the Mobile IPv6 protocol component and the IKE/IPsec module of the IP stack. This document proposes an alternate security framework for Mobile IPv6 and Dual-Stack Mobile IPv6, which relies on Transport Layer Security for establishing keying material and other bootstrapping parameters required to protect Mobile IPv6 signaling and data traffic between the mobile node and home agent.

Working Group Summary

This document has been discussed in the WG over 2+ years and there is general consensus on adopting the proposed solution on an experimental basis. The I-D does not deprecate the IPsec-based security mechanism, which is the default. Instead it proposes an alternative scheme which enables ease of deployment.

Document Quality

There is at least one known implementation of the protocol. This implementation has been done on the Nokia N900 device as well as Ubuntu and Debian Linux platforms. The implementation has been shown at previous IETF meetings. All reviewers who have helped improve the document have been acknowledged in the I-D.

Personnel

The responsible Area Director is Jari Arkko. There is no Document Shepherd.