Mobile IP Version 6 Route Optimization Security Design Background
RFC 4225

Note: This ballot was opened for revision 03 and is now closed.

(Thomas Narten) Yes

Comment (2005-02-09)
Overall, a very nice document. Well-written, good overview of the
security design.  It sure would be nice to see more documents like
this!!!

Comments/Nits:

>    To understand Mobile IPv6, it is important to understand the MIPv6
>    design view to the base IPv6 protocol and infrastructure.  The most

sentence could be better worded.

>    The basic solution requires tunneling through the home agent, thereby
>    leading to longer paths and degraded performance.  This tunneling is
>    sometimes called triangular routing since it was originally planned
>    that the packets from the mobile node to its peer could still
>    traverse directly, bypassing the home agent.

perhaps add: (Ingress filtering effectively forces return traffic from
the MN to also travel via the HA.)

>    As a security goal, Mobile IPv6 design aimed to be "as secure as the

s/, /, the/

>    formation.  That is, an attacker has much easier task to fool a

s/has/has the/
s/to fool/of fooling/

>    messages to be sent by the targets nodes.

s/targets/target/??

>    (Section 3.4).  Finally, we considering the applicability of

s/considering/consider/

>    Any protocol for authenticating binding update has to consider replay

s/update/updates/

also s/binding update/Binding Update/ throughout? I.e., isn't this a
proper name?

>    discussed in <threats>.  The goal has been to produce a design whose

is <threats> supposed to be a reference to a specific document?

>    the corresponded nodes is deliberately restricted to a few minutes,

s/corresponded/correspondent/


>    Return Routability (RR) is the name of the basic mechanism deployed
>    by Mobile IPv6 route optimization security design.  Basically, it

"deployed" is not really the right word. selected? chosen?

also s/by/by the/

>    neighboring node.  To launch this attack, the mobile nodes

s/nodes/node/

Authors section doesn't include full contact info for all info (e.g.,
email addresses).

(Margaret Cullen) No Objection

(Bill Fenner) No Objection

(Ted Hardie) No Objection

(Sam Hartman) No Objection

(Russ Housley) No Objection

(David Kessens) No Objection

(Allison Mankin) No Objection

(Harald Alvestrand) No Record

Comment (2005-02-17)
Reviewed by Elwyn Davies, Gen-ART

He wonders if this is really two documents trying to share one body... complete review in document log.