Mobile IPv4 Challenge/Response Extensions (Revised)
RFC 4721
| | Field | Value |
|---|---|---|
| Document | Type | RFC - Proposed Standard (January 2007; Errata); Obsoletes RFC 3012; Updates RFC 3344 |
| | Authors | Charles Perkins, Jayshree Bharatia, Pat Calhoun |
| | Last updated | 2018-12-20 |
| | Replaces | draft-ietf-mobileip-rfc3012bis |
| | Stream | IETF |
| Stream | WG state | (None) |
| | Document shepherd | No shepherd assigned |
| IESG | IESG state | RFC 4721 (Proposed Standard) |
| | Consensus Boilerplate | Unknown |
| | Telechat date | |
| | Responsible AD | Margaret Cullen |
| | Send notices to | (None) |
Network Working Group
Request for Comments: 4721
Obsoletes: 3012
Updates: 3344
Category: Standards Track

C. Perkins, Nokia Research Center
P. Calhoun, Cisco Systems, Inc.
J. Bharatia, Nortel Networks
January 2007

Mobile IPv4 Challenge/Response Extensions (Revised)

Status of This Memo

This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The IETF Trust (2007).

Abstract

Mobile IP, as originally specified, defines an authentication extension (the Mobile-Foreign Authentication extension) by which a mobile node can authenticate itself to a foreign agent. Unfortunately, that extension does not provide the foreign agent any direct guarantee that the protocol is protected from replays and does not allow for the use of existing techniques (such as Challenge Handshake Authentication Protocol (CHAP)) for authenticating portable computer devices.

In this specification, we define extensions for the Mobile IP Agent Advertisements and the Registration Request that allow a foreign agent to use a challenge/response mechanism to authenticate the mobile node.

Furthermore, this document updates RFC 3344 by including a new authentication extension called the Mobile-Authentication, Authorization, and Accounting (AAA) Authentication extension. This new extension is provided so that a mobile node can supply credentials for authorization, using commonly available AAA infrastructure elements. This authorization-enabling extension MAY co-exist in the same Registration Request with authentication extensions defined for Mobile IP Registration by RFC 3344. This document obsoletes RFC 3012.

Table of Contents

1. Introduction
   1.1. Terminology
2. Mobile IP Agent Advertisement Challenge Extension
   2.1. Handling of Solicited Agent Advertisements
3. Operation
   3.1. Mobile Node Processing of Registration Requests
   3.2. Foreign Agent Processing of Registration Requests
      3.2.1. Foreign Agent Algorithm for Tracking Used Challenges
   3.3. Foreign Agent Processing of Registration Replies
   3.4. Home Agent Processing of Challenge Extensions
   3.5. Mobile Node Processing of Registration Replies
4. Mobile-Foreign Challenge Extension
5. Generalized Mobile IP Authentication Extension
6. Mobile-AAA Authentication Subtype
7. Reserved SPIs for Mobile IP
8. SPIs for RADIUS AAA Servers
9. Configurable Parameters
10. Error Values
11. IANA Considerations
12. Security Considerations
13. Acknowledgements
14. Normative References
Appendix A. Changes since RFC 3012
Appendix B. Verification Infrastructure
Appendix C. Message Flow for FA Challenge Messaging with Mobile-AAA Extension
Appendix D. Message Flow for FA Challenge Messaging with MN-FA Authentication
Appendix E. Example Pseudo-code for Tracking Used Challenges

1. Introduction

Mobile IP defines the Mobile-Foreign Authentication extension to allow a mobile node to authenticate itself to a foreign agent. Such authentication mechanisms are mostly external to the principal operation of Mobile IP, since the foreign agent can easily route packets to and from a mobile node whether or not the mobile node is reporting a legitimately owned home address to the foreign agent.