Re: comments on draft-ietf-mip6-auth-protocol

Vijay.Devarapalli@xxxxxxxxx wrote:

> > > > > section 6.1 doesnt talk about what the SPI should be set to. 
> > > > >          
> > > > Well, the SPI is the SPI of the SA, you are right, we may 
> > > >        
> > need to add
> >    
> >
> > > > clarifying text.
> > > >        
> > > then I am confused with the role of SPI. in section 6.2 the SPI is
> > > being used to differentiate between the use of CHAP or HMAC_CHAP.
> > > it doesnt seem to be the SPI of the SA. is the role of SPI field
> > > different depending on who (AAAH or HA) does the authentication? 
> > >      
> > 6.0 describes the general meaning of spi. 6.1 (MN-HA auth 
> > option takes 
> > the meaning from there).
> > 6.2, for MN-AAA auth option specifies the meaning of CHAP and 
> > HMAC_CHAP. 
> >    
>
> so it is used for different purporses in 6.1 and 6.2.(?)
>
>  
>
> > Hope
> > that is clear?
> >    
>
> nope. :(

Ok, in that case, we can add text clarifying the meaning of the various 
fields in
each, section 6.1 and 6.2 to make the distinction clear.

-a

>  
>
> > > > > > 8.  Security Considerations
> > > > > >
> > > > > >   This document proposes new authentication options to 
> > > > > > authenticate the
> > > > > >   control message between MN, HA and/or HAAA (as an 
> > > > > >            
> > alternative to
> >    
> >
> > > > > >   IPsec).  The new options provide for authentication 
> > > > > >            
> > of Binding 
> >    
> >
> > > > > > Update
> > > > > >   and Binding Acknowledgement messages
> > > > > >            
> > > > >
> > > > >
> > > > > I think this section should say something about using the 
> > > > >          
> > same shared
> >    
> >
> > > > > key repeatedly. maybe it should recommend that a key 
> > > > >          
> > should be derived
> >    
> >
> > > > > from the shared key once in a while and the derived key 
> > > > >          
> > must be used 
> >    
> >
> > > > > for
> > > > > authenticating BU and BAck. (?) 
> > > > >          
> > > >
> > > > Yes, I have revamped this section after talking with some security 
> > > > experts.
> > > > Mostly adding text clarifying the usage to keep the implementation 
> > > > secure.
> > > > due for next rev.
> > > >        
> > > if you have the text ready, please post it. if we can review it now,
> > > we could avoid one more revision of the draft. 
> > >      
> > I don't have an updated version. Can post is after IETF.
> >    
>
> I meant just the text for the Security Considerations section. I 
> wasnt looking for a new version of the draft. :)
>
>