RE: Justificationsfor standardizingdraft-ietf-mip6-auth-pr otocol-00.txt

>-----Original Message-----
>From: Soliman, Hesham [mailto:H.Soliman@xxxxxxxxxxx] 
>Sent: Tuesday, September 14, 2004 2:42 PM
>To: Chowdhury, Kuntal [RICH1:2H18:EXCH]
>Cc: mip6@xxxxxxxx; Basavaraj.Patil@xxxxxxxxx; Alpesh
>Subject: RE: [Mip6] Justificationsfor 
>standardizingdraft-ietf-mip6-auth-protocol-00.txt
>
>
>
> > > I'll disregard the case 
> > >where a MITM does that over the air, given the airlink 
> > >security. The only other possible way is someone that is 
> > >physically on the path, i.e. in the core. 
> > 
> > When you say "airlink security" what do you mean? Is it 
> > cdma2000 link layer
> > encryption? yes/no?
>
>=> Yes.
>

So, do you want us to mandate that a cdma2000 operator who is willing to
deploy MIP6 w/ static SA-IPsec must implement and deploy cdma2000 radio link
layer encryption first? As far as I know, cdma2000 radio link layer
encryption is not in wide scale use, if at all.

> > 
> > According to your argument, 3GPP2 networks seemed to be 
> > secured end-to-end
> > (MN-HA). 
>
>=> Not sure how you arrived at that conclusion, but that's 
>not what I was saying. I was saying that MITM on the local
>link is not really an issue. The only other option is MITM
>that is physically present on the path.
>

No assumptions please. MiTM attacks exist and commercial deployments must
have adequate replay protection on a vital box like HA.

>Hesham
>
>
>===========================================================
>This email may contain confidential and privileged material 
>for the sole use  of the intended recipient.  Any review or 
>distribution by others is strictly  prohibited.  If you are 
>not the intended recipient please contact the sender  and 
>delete all copies. 
>===========================================================
>
>
>