Mobile IPv4 Challenge/Response Extensions (Revised)
RFC 4721
| Document | Type |
RFC - Proposed Standard
(January 2007; Errata)
Obsoletes RFC 3012
Updates RFC 3344
|
|
|---|---|---|---|
| Last updated | 2018-12-20 | ||
| Replaces | draft-ietf-mobileip-rfc3012bis | ||
| Stream | IETF | ||
| Formats | plain text html pdf htmlized bibtex | ||
| Stream | WG state | (None) | |
| Document shepherd | No shepherd assigned | ||
| IESG | IESG state | RFC 4721 (Proposed Standard) | |
| Consensus Boilerplate | Unknown | ||
| Telechat date | |||
| Responsible AD | Margaret Cullen | ||
| Send notices to | (None) | ||
Network Working Group C. Perkins
Request for Comments: 4721 Nokia Research Center
Obsoletes: 3012 P. Calhoun
Updates: 3344 Cisco Systems, Inc.
Category: Standards Track J. Bharatia
Nortel Networks
January 2007
Mobile IPv4 Challenge/Response Extensions (Revised)
Status of This Memo
This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.
Copyright Notice
Copyright (C) The IETF Trust (2007).
Abstract
Mobile IP, as originally specified, defines an authentication
extension (the Mobile-Foreign Authentication extension) by which a
mobile node can authenticate itself to a foreign agent.
Unfortunately, that extension does not provide the foreign agent any
direct guarantee that the protocol is protected from replays and does
not allow for the use of existing techniques (such as Challenge
Handshake Authentication Protocol (CHAP)) for authenticating portable
computer devices.
In this specification, we define extensions for the Mobile IP Agent
Advertisements and the Registration Request that allow a foreign
agent to use a challenge/response mechanism to authenticate the
mobile node.
Furthermore, this document updates RFC 3344 by including a new
authentication extension called the Mobile-Authentication,
Authorization, and Accounting (AAA) Authentication extension. This
new extension is provided so that a mobile node can supply
credentials for authorization, using commonly available AAA
infrastructure elements. This authorization-enabling extension MAY
co-exist in the same Registration Request with authentication
extensions defined for Mobile IP Registration by RFC 3344. This
document obsoletes RFC 3012.
Perkins, et al. Standards Track [Page 1]
RFC 4721 Mobile IPv4 Challenge/Response Extensions January 2007
Table of Contents
1. Introduction ....................................................2
1.1. Terminology ................................................3
2. Mobile IP Agent Advertisement Challenge Extension ...............4
2.1. Handling of Solicited Agent Advertisements .................4
3. Operation .......................................................5
3.1. Mobile Node Processing of Registration Requests ............5
3.2. Foreign Agent Processing of Registration Requests ..........6
3.2.1. Foreign Agent Algorithm for Tracking Used
Challenges .........................................8
3.3. Foreign Agent Processing of Registration Replies ...........9
3.4. Home Agent Processing of Challenge Extensions .............10
3.5. Mobile Node Processing of Registration Replies ............11
4. Mobile-Foreign Challenge Extension .............................11
5. Generalized Mobile IP Authentication Extension .................12
6. Mobile-AAA Authentication Subtype ..............................13
7. Reserved SPIs for Mobile IP ....................................14
8. SPIs for RADIUS AAA Servers ....................................14
9. Configurable Parameters ........................................15
10. Error Values ..................................................16
11. IANA Considerations ...........................................16
12. Security Considerations .......................................17
13. Acknowledgements ..............................................18
14. Normative References ..........................................18
Appendix A. Changes since RFC 3012 ................................20
Appendix B. Verification Infrastructure ...........................21
Appendix C. Message Flow for FA Challenge Messaging with
Mobile-AAA Extension ..................................22
Appendix D. Message Flow for FA Challenge Messaging with
MN-FA Authentication ..................................23
Appendix E. Example Pseudo-code for Tracking Used Challenges ......24
1. Introduction
Mobile IP defines the Mobile-Foreign Authentication extension to
allow a mobile node to authenticate itself to a foreign agent. Such
authentication mechanisms are mostly external to the principal
operation of Mobile IP, since the foreign agent can easily route
packets to and from a mobile node whether or not the mobile node is
reporting a legitimately owned home address to the foreign agent.
Show full document text