Mobile IP Version 6 Route Optimization Security Design Background
draft-ietf-mip6-ro-sec-03

Document history

Date Rev. By Action
2005-07-29
03 Amy Vezza State Changes to RFC Ed Queue from Approved-announcement sent by Amy Vezza
2005-06-30
03 Amy Vezza IESG state changed to Approved-announcement sent
2005-06-30
03 Amy Vezza IESG has approved the document
2005-06-30
03 Amy Vezza Closed "Approve" ballot
2005-06-30
03 Margaret Cullen Note field has been cleared by Margaret Wasserman
2005-06-30
03 Margaret Cullen State Changes to Approved-announcement to be sent from Approved-announcement to be sent::AD Followup by Margaret Wasserman
2005-05-27
03 (System) Sub state has been changed to AD Follow up from New Id Needed
2005-05-27
03 (System) New version available: draft-ietf-mip6-ro-sec-03.txt
2005-05-18
03 Margaret Cullen [Note]: 'Waiting for an update to address comments (see below).' added by Margaret Wasserman
2005-05-18
03 Margaret Cullen State Changes to Approved-announcement to be sent::Revised ID Needed from Approved-announcement to be sent::Point Raised - writeup needed by Margaret Wasserman
2005-05-10
03 Margaret Cullen Note field has been cleared by Margaret Wasserman
2005-03-11
03 Mark Townsley Shepherding AD has been changed to Margaret Wasserman from Thomas Narten
2005-02-21
03 Amy Vezza State Changes to Approved-announcement to be sent::Point Raised - writeup needed from Approved-announcement to be sent by Amy Vezza
2005-02-18
03 (System) Removed from agenda for telechat - 2005-02-17
2005-02-17
03 Amy Vezza State Changes to Approved-announcement to be sent from IESG Evaluation by Amy Vezza
2005-02-17
03 Allison Mankin [Ballot Position Update] New position, No Objection, has been recorded for Allison Mankin by Allison Mankin
2005-02-17
03 Harald Alvestrand
Review by Elwyn Davies, Gen-ART

Summary: Taken in isolation this is a good, if somewhat discursive document.
I think it has a number of language nits which are rather numerous to list
here (I will mail the authors privately with suggestions).  That being said,
I had expected somewhat more of a 'design diary': in practice the great
majority of the document is either about the security threats for MIP(v6) or
the actual (RR) solution chosen rather than about other possibilities which
were ruled out. 
There are useful notes on design criteria for avoidance of reflection and
amplification attacks, but I felt that much of this document was duplicating
RFC3775 (description of RR and security considerations) with some expansion
of discussion.  Now if the threat analysis is actually duplicating RFC3775,
it could probably be omitted:  On the other hand this draft is actually
referenced in RFC3775 as providing additional detail for certain things.  If
this is really a more definitive document for the threat analysis there
would be something to be said for either retitling the document to reflect
this or possibly splitting it into true threat analysis and a much smaller
document on the design background. 

Review (nits):
Figures: I would prefer figures to have explicit captions rather than just
'Figure n'
Sections 1.1 and 4.2: contain lists which would be more readable if the items
had bullets to show the boundaries of the items.
Title of Section 2: 'Dimensions of Danger' is a resonant phrase but it didn't
quite explain to me what was being considered.. maybe 'Avenues of Attack'?
Last sentence of S1.3: the phrase 'to establish an explicit goal in the
provided level of protection' is indecipherable to me.
Section 3.4: The term 'cookie' is introduced with no explanation here.
Section 4: the first sentence contains a reference which has not been
resolved to a section: .

I have a large number of suggestions of an editorial nature which I am
sending directly to the authors and Thomas as a marked up copy.
2005-02-17
03 Harald Alvestrand [Ballot comment]
Reviewed by Elwyn Davies, Gen-ART

He wonders if this is really two documents trying to share one body... complete review in document log.
2005-02-17
03 Harald Alvestrand [Ballot Position Update] New position, Undefined, has been recorded for Harald Alvestrand by Harald Alvestrand
2005-02-17
03 Russ Housley [Ballot Position Update] New position, No Objection, has been recorded for Russ Housley by Russ Housley
2005-02-16
03 Bill Fenner [Ballot Position Update] New position, No Objection, has been recorded for Bill Fenner by Bill Fenner
2005-02-16
03 David Kessens [Ballot Position Update] New position, No Objection, has been recorded for David Kessens by David Kessens
2005-02-16
03 Ted Hardie [Ballot Position Update] New position, No Objection, has been recorded for Ted Hardie by Ted Hardie
2005-02-16
03 Margaret Cullen [Ballot Position Update] New position, No Objection, has been recorded for Margaret Wasserman by Margaret Wasserman
2005-02-16
03 Sam Hartman [Ballot Position Update] New position, No Objection, has been recorded for Sam Hartman by Sam Hartman
2005-02-14
03 Michelle Cotton IANA Comments:
We understand this document to have NO IANA Actions.
2005-02-09
03 Thomas Narten Placed on agenda for telechat - 2005-02-17 by Thomas Narten
2005-02-09
03 Thomas Narten
[Ballot comment]
Overall, a very nice document. Well-written, good overview of the
security design.  It sure would be nice to see more documents like
this!!!

Comments/Nits:

>    To understand Mobile IPv6, it is important to understand the MIPv6
>    design view to the base IPv6 protocol and infrastructure.  The most

sentence could be better worded.

>    The basic solution requires tunneling through the home agent, thereby
>    leading to longer paths and degraded performance.  This tunneling is
>    sometimes called triangular routing since it was originally planned
>    that the packets from the mobile node to its peer could still
>    traverse directly, bypassing the home agent.

perhaps add: (Ingress filtering effectively forces return traffic from
the MN to also travel via the HA.)

>    As a security goal, Mobile IPv6 design aimed to be "as secure as the

s/, /, the/

>    formation.  That is, an attacker has much easier task to fool a

s/has/has the/
s/to fool/of fooling/

>    messages to be sent by the targets nodes.

s/targets/target/??

>    (Section 3.4).  Finally, we considering the applicability of

s/considering/consider/

>    Any protocol for authenticating binding update has to consider replay

s/update/updates/

also s/binding update/Binding Update/ throughout? I.e., isn't this a
proper name?

>    discussed in .  The goal has been to produce a design whose

is  supposed to be a reference to a specific document?

>    the corresponded nodes is deliberately restricted to a few minutes,

s/corresponded/correspondent/


>    Return Routability (RR) is the name of the basic mechanism deployed
>    by Mobile IPv6 route optimization security design.  Basically, it

"deployed" is not really the right word. selected? chosen?

also s/by/by the/

>    neighboring node.  To launch this attack, the mobile nodes

s/nodes/node/

Authors section doesn't include full contact info for all info (e.g.,
email addresses).
2005-02-09
03 Thomas Narten [Ballot Position Update] New position, Yes, has been recorded for Thomas Narten
2005-02-09
03 Thomas Narten Ballot has been issued by Thomas Narten
2005-02-09
03 Thomas Narten Created "Approve" ballot
2005-02-09
03 (System) Ballot writeup text was added
2005-02-09
03 (System) Last call text was added
2005-02-09
03 (System) Ballot approval text was added
2005-02-09
03 Thomas Narten State Changes to IESG Evaluation from Publication Requested by Thomas Narten
2005-02-09
03 Thomas Narten [Note]: '2005-02-08: ready for full IESG review' added by Thomas Narten
2005-02-09
03 Thomas Narten
2004-10-28
03 Dinara Suleymanova Draft Added by Dinara Suleymanova in state Publication Requested
2004-10-18
02 (System) New version available: draft-ietf-mip6-ro-sec-02.txt
2004-07-22
01 (System) New version available: draft-ietf-mip6-ro-sec-01.txt
2004-04-26
00 (System) New version available: draft-ietf-mip6-ro-sec-00.txt