[Docs] [txt|pdf] [Tracker] [WG] [Email] [Diff1] [Diff2] [Nits]

Versions: (draft-ietf-mobileip-rfc3012bis) 00 01 02 03 04 05 RFC 4721

Mobile IP Working Group                               Charles E. Perkins
INTERNET DRAFT                                     Nokia Research Center
17 October  2003                                          Pat R. Calhoun
                                                    Black Storm Networks
                                                       Jayshree Bharatia
                                                         Nortel Networks

          Mobile IPv4 Challenge/Response Extensions (revised)
                   draft-ietf-mip4-rfc3012bis-00.txt


Status of This Memo

   This document is a submission by the mobile-ip Working Group of the
   Internet Engineering Task Force (IETF).  Comments should be submitted
   to the mobile-ip@sunroof.eng.sun.com mailing list.

   Distribution of this memo is unlimited.

   This document is an Internet-Draft and is in full conformance with
   all provisions of Section 10 of RFC2026.  Internet-Drafts are working
   documents of the Internet Engineering Task Force (IETF), its areas,
   and its working groups.  Note that other groups may also distribute
   working documents as Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at
   any time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at:
        http://www.ietf.org/ietf/1id-abstracts.txt
   The list of Internet-Draft Shadow Directories can be accessed at:
        http://www.ietf.org/shadow.html.


Abstract

   Mobile IP, as originally specified, defines an authentication
   extension (the Mobile-Foreign Authentication extension) by
   which a mobile node can authenticate itself to a foreign agent.
   Unfortunately, that extension does not provide the foreign agent any
   direct guarantee that the protocol is protected from replays, and
   does not allow for the use of existing techniques (such as CHAP [10])
   for authenticating portable computer devices.

   In this specification, we define extensions for the Mobile IP Agent
   Advertisements and the Registration Request that allow a foreign







Perkins, Calhoun, Bharatia        Expires 17 April  2004        [Page i]

Internet Draft      Mobile IPv4 Challenge/Response      17 October  2003


   agent to use a challenge/response mechanism to authenticate the
   mobile node.

   Furthermore, this document updates RFC 3344 [7] by including new
   authentication extension called the Mobile-AAA Authentication
   extension.  This new extension is provided so that a mobile node
   can supply credentials for authorization using commonly available
   AAA infrastructure elements.  This Authorization-enabling extension
   MAY co-exist in the same Registration Request with Authentication
   extensions defined for Mobile IP Registration by [7].  This document
   obsoletes RFC 3012.









































Perkins, Calhoun, Bharatia       Expires 17 April  2004        [Page ii]

Internet Draft      Mobile IPv4 Challenge/Response      17 October  2003




                                Contents


Status of This Memo                                                    i

Abstract                                                               i

 1. Introduction                                                       1
     1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . .    1

 2. Mobile IP Agent Advertisement Challenge Extension                  3
     2.1. Handling of Solicited Agent Advertisements  . . . . . . .    3

 3. Operation                                                          4
     3.1. Mobile Node Processing for Registration Requests  . . . .    4
     3.2. Foreign Agent Processing for Registration Requests  . . .    5
     3.3. Foreign Agent Processing for Registration Replies . . . .    7
     3.4. Home Agent Processing for the Challenge Extensions  . . .    8
     3.5. Mobile Node Processing for Registration Replies . . . . .    9

 4. Mobile-Foreign Challenge Extension                                11

 5. Generalized Mobile IP Authentication Extension                    11

 6. Mobile-AAA Authentication subtype                                 12

 7. Reserved SPIs for Mobile IP                                       13

 8. SPIs for RADIUS AAA Servers                                       13

 9. Configurable Parameters                                           15

10. Error Values                                                      15

11. IANA Considerations                                               15

12. Security Considerations                                           16

13. Acknowledgments                                                   16

 A. Change History                                                    18

 B. Verification Infrastructure                                       19

 C. Message Flow for FA Challenge Messaging with Mobile-AAA Extension 21

 D. Message Flow for FA Challenge Messaging with MN-FA Authentication 22



Perkins, Calhoun, Bharatia       Expires 17 April  2004       [Page iii]

Internet Draft      Mobile IPv4 Challenge/Response      17 October  2003


 E. Foreign Agent Algorithm for Tracking Used Challenges              23

Addresses                                                             25


1. Introduction

   Mobile IP defines the Mobile-Foreign Authentication extension to
   allow a mobile node to authenticate itself to a foreign agent.  Such
   authentication mechanisms are mostly external to the principal
   operation of Mobile IP, since the foreign agent can easily route
   packets to and from a mobile node whether or not the mobile node is
   reporting a legitimately owned home address to the foreign agent.
   Unfortunately, that extension does not provide the foreign agent any
   direct guarantee that the protocol is protected from replays, and
   does not allow for the use of CHAP [10] for authenticating portable
   computer devices.  In this specification, we define extensions for
   the Mobile IP Agent Advertisements and the Registration Request
   that allow a foreign agent to a use challenge/response mechanism
   to authenticate the mobile node.  Furthermore, an additional
   authentication extension, the Mobile-AAA authentication extension,
   is provided so that a mobile node can supply credentials for
   authorization using commonly available AAA infrastructure elements.
   The foreign agent may be able to interact with an AAA infrastructure
   (using protocols outside the scope of this document) to obtain a
   secure indication that the mobile node is authorized to use the local
   network resources.


1.1. Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [1].

   This document uses the term Security Parameters Index (SPI) as
   defined in the base Mobile IP protocol specification [7].  All SPI
   values defined in this document refer to values for the SPI as
   defined in that specification.

   The following additional terminology is used in addition to that
   defined in [7]:

      previously used challenge
               The challenge is previously used challenge if the mobile
               node sent the same challenge to the foreign agent in
               a previous Registration Request, and that previous
               Registration Request passed all validity checks performed
               by the foreign agent.  The Foreign Agent may not be able



Perkins, Calhoun, Bharatia        Expires 17 April  2004        [Page 1]

Internet Draft      Mobile IPv4 Challenge/Response      17 October  2003


               to keep records for all previously used challenges, but
               see section 3.2 for minimal requirements.

      security association
               A "mobility security association", as defined in [7].

      unknown challenge
               Any challenge from a particular mobile node that the
               foreign agent has no record of having put either into one
               of its recent Agent Advertisements or into a registration
               reply message to that mobile node.

      unused challenge
               A challenge that has not been already accepted by the
               Foreign Agent from the mobile node in the Registration
               Request -- i.e., a challenge that is neither unknown nor
               previously used.



































Perkins, Calhoun, Bharatia        Expires 17 April  2004        [Page 2]

Internet Draft      Mobile IPv4 Challenge/Response      17 October  2003


2. Mobile IP Agent Advertisement Challenge Extension

   This section defines a new extension to the Router Discovery
   Protocol [4] for use by foreign agents that need to issue a challenge
   for authenticating mobile nodes.


       0                   1                   2                   3
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |     Type      |    Length     |          Challenge ...
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+


                   Figure 1: The Challenge Extension


      Type        24

      Length      The length of the Challenge value in bytes; SHOULD be
                  at least 4

      Challenge   A random value that SHOULD be at least 32 bits.

   The Challenge extension, illustrated in figure 1, is inserted in the
   Agent Advertisements by the foreign agent, in order to communicate
   a previously unused challenge value that can be used by the mobile
   node to compute an authentication for its next registration request
   message.  The challenge is selected by the foreign agent to provide
   local assurance that the mobile node is not replaying any earlier
   registration request.  Eastlake, et al. [5] provides more information
   on generating pseudo-random numbers suitable for use as values for
   the challenge.

   Note that the storage of different Challenges received in Agent
   Advertisements from multiple foreign agents is implementation
   specific and hence, out of scope for this specification.


2.1. Handling of Solicited Agent Advertisements

   When a foreign agent generates an Agent Advertisement in response
   to a Router Solicitation [4], some additional considerations come
   into play.  According to the Mobile IP base specification [7], the
   resulting Agent Advertisement may be either multicast or unicast.

   If the solicited Agent Advertisement is multicast, it MUST NOT
   generate a new Challenge value and update its window of remembered




Perkins, Calhoun, Bharatia        Expires 17 April  2004        [Page 3]

Internet Draft      Mobile IPv4 Challenge/Response      17 October  2003


   advertised Challenges.  It must instead re-use the most recent of the
   CHALLENGE_WINDOW Advertisement Challenge values.

   If the agent advertisement is unicast back to the soliciting mobile
   node, it MUST be handled as follows:  If the challenge most recently
   unicast to the soliciting mobile node has not been previously used
   (as defined in Section 1.1), it SHOULD be repeated in the newly
   issued unicast agent advertisement, otherwise a new challenge MUST be
   generated and remembered as the most recent challenge issued to the
   mobile node.  (For further discussion of this, see Section 12.)


3. Operation

   This section describes modifications to the Mobile IP registration
   process [7] which may occur after the foreign agent issues a Mobile
   IP Agent Advertisement containing the Challenge on its local link.
   See appendix C for a diagram showing the canonical message flow for
   messages related to the processing of the foreign agent challenge
   values.


3.1. Mobile Node Processing for Registration Requests

   Retransmission behavior for Registration Requests is identical to
   that specified in Mobile IP specification [7].  A retransmitted
   Registration Request MAY use the same Challenge value as given in the
   original Registration Request.

   Whenever the Agent Advertisement contains the Challenge extension, if
   the mobile node does not have a security association with the foreign
   agent, then it MUST include the Challenge value in a Mobile-Foreign
   Challenge extension to the Registration Request message.  If, on
   the other hand, the mobile node does have a security association
   with the foreign agent, it SHOULD include the Challenge value in its
   Registration Request message.

   If the mobile node has a security association with the Foreign
   Agent, it MUST include a Mobile-Foreign Authentication extension
   in its Registration Request message, according to the base Mobile
   IP specification [7].  When the Registration Request contains the
   Mobile-Foreign Challenge extension specified in section 4, the
   Mobile-Foreign Authentication MUST follow the Challenge extension
   in the Registration Request.  The mobile node MAY also include the
   Mobile-AAA Authentication extension.  If both, the Mobile-Foreign
   Authentication and the Mobile-AAA Authentication extensions are
   present, the Mobile-Foreign Challenge extension MUST precede the
   Mobile-AAA Authentication extension and the Mobile-AAA Authentication
   extension MUST precede the Mobile-Foreign Authentication extension.



Perkins, Calhoun, Bharatia        Expires 17 April  2004        [Page 4]

Internet Draft      Mobile IPv4 Challenge/Response      17 October  2003


   If the mobile node does not have a security association with
   the foreign agent, the mobile node MUST include the Mobile-AAA
   Authentication extension as defined in section 6 when it includes the
   Mobile-Foreign Challenge extension.  In addition, the mobile node
   SHOULD include the NAI extension [2], to enable the foreign agent
   to make use of available verification infrastructure which requires
   this.  The SPI field of the Mobile-AAA Authentication extension
   specifies the particular secret and algorithm (shared between
   the mobile node and the verification infrastructure) that must be
   used to perform the authentication.  If the SPI value is chosen as
   CHAP_SPI or HMAC_CHAP_SPI (see section 9), then the mobile node
   specifies CHAP-style authentication [10] using MD5 [9] or HMAC_MD5,
   respectively.

   In either case, the Mobile-Foreign Challenge extension followed by
   one of the above specified authentication extensions MUST follow the
   Mobile-Home Authentication extension, if present.

   A mobile node MAY include the Mobile-AAA Authentication extension in
   the Registration Request when the mobile node registers directly with
   its Home Agent (using a co-located care-of address).  In this case,
   if the mobile node uses an SPI value of CHAP_SPI or HMAC_CHAP_SPI
   (section 8) in the MN-AAA Authentication extension, the mobile node
   MUST include the Mobile-Foreign Challenge extension prior to the
   Mobile-AAA Authentication extension.  The mechanism used by the
   mobile node to obtain the Challenge value in this case is outside the
   scope of this document.


3.2. Foreign Agent Processing for Registration Requests

   Upon receipt of the Registration Request, if the foreign agent has
   issued a Challenge as part of its Agent Advertisements, and it
   does not have a security association with the mobile node, then
   the Foreign Agent SHOULD check that the Mobile-Foreign Challenge
   extension exists, and that it contains a challenge value previously
   unused by the Mobile Node.  This ensures that the mobile node is not
   attempting to replay a previous advertisement and authentication.  In
   this case, if the Registration Request does not include a challenge
   extension, the Foreign Agent MUST send a Registration Reply to the
   mobile node with the Code value MISSING_CHALLENGE.

   A foreign agent that sends Agent Advertisements containing a
   Challenge value MAY send a Registration Reply message with a
   MISSING_CHALLENGE error if the mobile node sends a Registration
   Request with a Mobile-Foreign Authentication extension without
   including a Challenge.  In other words, such a foreign agent MAY
   refuse to process a Registration Request from the mobile node unless
   the request contains an unused Challenge.



Perkins, Calhoun, Bharatia        Expires 17 April  2004        [Page 5]

Internet Draft      Mobile IPv4 Challenge/Response      17 October  2003


   If a mobile node retransmits a Registration Request with the same
   Challenge extension, and the foreign agent still has a pending
   Registration Request record in effect for the mobile node, then
   the foreign agent forwards the Registration Request to the Home
   Agent again.  The foreign agent SHOULD check that the mobile node is
   actually performing a retransmission, by verifying that the relevant
   fields of the retransmitted request (including, if present, the
   mobile node NAI Extension [2]) are the same as represented in the
   visitor list entry for the pending Registration Request (section
   3.7.1 of [7]).  This verification MUST NOT include the "remaining
   Lifetime of the pending registration", or the Identification field
   since those values are likely to change even for requests that are
   merely retransmissions and not new Registration Requests.  In all
   other circumstances, if the foreign agent receives a Registration
   Request with a Challenge extension containing a Challenge value
   previously used by that mobile node, the Foreign Agent SHOULD send
   a Registration Reply to the mobile node containing the Code value
   STALE_CHALLENGE.

   The foreign agent MUST NOT accept any Challenge in the Registration
   Request unless it was offered in the last Registration Reply
   or unicast Agent Advertisement sent to the mobile node, or else
   advertised as one of the last CHALLENGE_WINDOW (see section 9)
   Challenge values inserted into the immediately preceding Agent
   advertisements.  If the Challenge is not one of the recently
   advertised values, the foreign Agent SHOULD send a Registration Reply
   with Code value UNKNOWN_CHALLENGE (see section 10).  The foreign
   agent MUST maintain the last challenge used by each Mobile Node that
   has registered using any one of the last CHALLENGE_WINDOW challenge
   values.  This last challenge value can be stored as part of the
   mobile node's registration records.  Also, see appendix E for a
   possible algorithm that can be used to satisfy this requirement.

   Furthermore, the foreign agent MUST check that there is either a
   Mobile-Foreign, or a Mobile-AAA Authentication extension after
   the Challenge extension.  Any registration message containing
   the Challenge extension without either of these authentication
   extensions MUST be silently discarded.  If the registration
   message contains a Mobile-Foreign Authentication extension with an
   incorrect authenticator that fails verification, the foreign agent
   MAY send a Registration Reply to the mobile node with Code value
   BAD_AUTHENTICATION (see Section 10).

   If the Mobile-AAA Authentication extension (see Section 6) is present
   in the message, or if an NAI extension is included indicating that
   the mobile node belongs to a different administrative domain, the
   foreign agent may take actions outside the scope of this protocol
   specification to carry out the authentication of the mobile node.
   If the registration message contains a Mobile-AAA Authentication



Perkins, Calhoun, Bharatia        Expires 17 April  2004        [Page 6]

Internet Draft      Mobile IPv4 Challenge/Response      17 October  2003


   extension with an incorrect authenticator that fails verification,
   the foreign agent MAY send a Registration Reply to the mobile node
   with Code value FA_BAD_AAA_AUTH. If the Mobile-AAA Authentication
   Extension is present in the Registration Request, the foreign agent
   MUST NOT remove the Mobile-AAA Authentication Extension and the
   Mobile-Foreign Challenge Extension from the Registration Request.
   Appendix C provides an example of an action that could be taken by a
   foreign agent.

   In the event that the Challenge extension is authenticated through
   the Mobile-Foreign Authentication extension and the Mobile-AAA
   Authentication extension is not present, the foreign agent MAY
   remove the Challenge Extension from the Registration Request without
   disturbing the authentication value computed by the mobile node for
   use by the AAA or the home agent.  If the Mobile-AAA Authentication
   extension is present and a security association exists between the
   foreign agent and the home agent, the Mobile-Foreign Challenge
   extension and the Mobile-AAA Authentication extension MUST precede
   the Foreign-Home Authentication extension.

   If the foreign agent does not remove the Challenge extension, then
   the foreign agent SHOULD store the Challenge value as part of the
   pending registration request list [7].  Also, if the Registration
   Reply coming from the home agent does not include the Challenge
   Extension, the foreign agent SHOULD NOT reject the Registration
   Request message.  If the Challenge Extension is present in the
   Registration Reply, it MUST be the same Challenge value that was
   included in the Registration Request.  If the Challenge value differs
   in the Registration Reply received from the home agent, the foreign
   agent MUST reject the Registration Request and change the status
   in the Registration Reply to the Code value MISSING_CHALLENGE (see
   section 10).

   If the foreign agent does remove the Challenge extension and
   applicable authentication from the Registration Request message,
   then it SHOULD insert the Identification field from the Registration
   Request message along with its record-keeping information about the
   particular mobile node in order to protect against replays.


3.3. Foreign Agent Processing for Registration Replies

   The foreign agent SHOULD include a new Mobile-Foreign Challenge
   Extension in any Registration Reply, successful or not.  If the
   foreign agent includes this extension in a successful Registration
   Reply, the extension SHOULD precede a Mobile-Foreign authentication
   extension if present.  Suppose the Registration Reply includes a
   Challenge extension from the home agent, and the foreign agent
   wishes to include another Challenge extension with the Registration



Perkins, Calhoun, Bharatia        Expires 17 April  2004        [Page 7]

Internet Draft      Mobile IPv4 Challenge/Response      17 October  2003


   Reply for use by the mobile node.  In that case, the foreign agent
   MUST delete the Challenge extension from the home agent from the
   Registration Reply, along with any Foreign-Home authentication
   extension, before appending the new Challenge extension to the
   Registration Reply.

   One example of a situation where the foreign agent MAY omit the
   inclusion of a Mobile-Foreign Challenge Extension in the Registration
   Reply would be when a new challenge has been multicast recently.

   If a foreign agent has conditions in which it omits the inclusion
   of a Mobile-Foreign Challenge Extension in the Registration Reply,
   it still MUST respond with an agent advertisement containing a
   previously unused challenge in response to a subsequent agent
   solicitation from the same mobile node.  Otherwise (when the said
   conditions are not met) the foreign agent MUST include a previously
   unused challenge in any Registration Reply, successful or not.

   A mobile node MUST be prepared to use a challenge from a unicast
   or multicast Agent Advertisement in lieu of one returned in a
   Registration Reply, and MUST solicit for one if it has not already
   received one in a Registration Reply.

   If the foreign agent receives a Registration Reply with the Code
   value HA_BAD_AAA_AUTH, it MUST be relayed to the mobile node.


3.4. Home Agent Processing for the Challenge Extensions

   If the home agent receives a Registration Request with the
   Mobile-Foreign Challenge extension, and recognizes the extension, the
   home agent MUST include the Challenge extension in the Registration
   Reply.  The Challenge Extension MUST be placed after the Mobile-Home
   authentication extension, and the extension SHOULD be authenticated
   by a Foreign-Home Authentication extension.

   The home agent MAY receive a Registration Request with the Mobile-AAA
   Authentication extension.  If the Mobile-AAA Authentication extension
   is used by the home agent as an authorization-enabling extension
   and the verification fails due to incorrect authenticator, the
   home agent MAY reject the Registration Reply with the error code
   HA_BAD_AAA_AUTH.

   Since the extension type for the Challenge extension is within the
   range 128-255, the home agent MUST process such a Registration
   Request even if it does not recognize the Challenge extension [7].
   In this case, the home agent will send a Registration Reply to the
   foreign agent that does not include the Challenge extension.




Perkins, Calhoun, Bharatia        Expires 17 April  2004        [Page 8]

Internet Draft      Mobile IPv4 Challenge/Response      17 October  2003


3.5. Mobile Node Processing for Registration Replies

   A mobile node might receive the following error codes in the
   Registration Reply from the foreign agent as a response to the
   Registration Request.  The error codes are defined in section  10.

   UNKNOWN_CHALLENGE: This error code is received by the mobile node in
   the case where the mobile node has moved to a new foreign agent that
   cannot validate the challenge provided in the Registration Request.
   In such instances, the mobile node MUST use a new Challenge value in
   any new registration, obtained either from an Agent Advertisement, or
   from a Challenge extension to the Registration Reply containing the
   error.

   MISSING_CHALLENGE: A mobile node that does not include a Challenge
   when the Mobile-Foreign Authentication extension is present may
   receive a MISSING_CHALLENGE error.  In this case, the mobile node
   SHOULD send a Challenge extension containing an unused challenge in
   the next Registration Request.

   BAD_AUTHENTICATION: This error is sent by the foreign agent if
   the Registration Request contains a Mobile-Foreign Authentication
   extension with an incorrect authenticator that fails verification.
   A mobile node that receives a BAD_AUTHENTICATION Code value
   SHOULD include the Mobile-AAA Authentication Extension in the next
   Registration Request.  This will make it possible for the Foreign
   Agent to use its AAA infrastructure in order to authenticate the
   Mobile Node.  In this case, the mobile node MUST use a new Challenge
   value in any new registration, obtained either from an Agent
   Advertisement, or from a Challenge extension to the Registration
   Reply containing the error.

   FA_BAD_AAA_AUTH: This error is sent by the Foreign Agent if the
   Registration Request contains a Mobile-AAA Authentication extension
   with an incorrect authenticator that fails verification.  A mobile
   node that receives a FA_BAD_AAA_AUTH MUST use a new Challenge value
   in any new registration, obtained either from an Agent Advertisement,
   or from a Challenge extension to the Registration Reply containing
   the error.

   HA_BAD_AAA_AUTH: This error is sent by the Home Agent if the
   Registration Request contains a Mobile-AAA Authentication extension
   with an incorrect authenticator that fails verification.  A mobile
   node that receives a HA_BAD_AAA_AUTH MUST use a new Challenge value
   in any new registration, obtained either from an Agent Advertisement,
   or from a Challenge extension to the Registration Reply containing
   the error.





Perkins, Calhoun, Bharatia        Expires 17 April  2004        [Page 9]

Internet Draft      Mobile IPv4 Challenge/Response      17 October  2003


   STALE_CHALLENGE: If the foreign agent receives a Registration
   Request with a Challenge extension containing a Challenge value
   previously used by that mobile node, the mobile node MAY receive
   a Registration Reply to the mobile node containing the Code value
   STALE_CHALLENGE. In such instances, the mobile node MUST use a
   new Challenge value in next Registration Request, obtained either
   from an Agent Advertisement, or from a Challenge extension to the
   Registration Reply containing the error.












































Perkins, Calhoun, Bharatia       Expires 17 April  2004        [Page 10]

Internet Draft      Mobile IPv4 Challenge/Response      17 October  2003


4. Mobile-Foreign Challenge Extension

   This section specifies a new Mobile IP Registration extension that is
   used to satisfy a Challenge in an Agent Advertisement.  The Challenge
   extension to the Registration Request message is used to indicate the
   challenge that the mobile node is attempting to satisfy.


       0                   1                   2                   3
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |     Type      |    Length     |         Challenge...
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+


            Figure 2: The Mobile-Foreign Challenge Extension


      Type        132 (skippable) (see [7])

      Length      Length of the Challenge value

      Challenge   The Challenge field is copied from the Challenge field
                  found in the Agent Advertisement Challenge extension
                  (see section 2).

   Suppose the mobile node has successfully registered using one of the
   Challenge Values within the CHALLENGE_WINDOW values advertised by the
   foreign agent.  In that case, in any new Registration Request the
   mobile node MUST NOT use any Challenge Value which was advertised by
   the foreign agent before the Challenge Value in the mobile node's
   last Registration Request.


5. Generalized Mobile IP Authentication Extension

   Several new authentication extensions have been designed for
   various control messages proposed for extensions to Mobile IP. A new
   authentication extension is required for a mobile node to present its
   credentials to any other entity other than the ones already defined;
   the only entities defined in the base Mobile IP specification [7]
   are the home agent and the foreign agent.  It is the purpose of the
   generalized authentication extension defined here to collect together
   data for all such new authentication applications into a single
   extension type with subtypes.







Perkins, Calhoun, Bharatia       Expires 17 April  2004        [Page 11]

Internet Draft      Mobile IPv4 Challenge/Response      17 October  2003


       0                   1                   2                   3
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |     Type      |    Subtype    |            Length             |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                              SPI                              |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                         Authenticator ...
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+


      Figure 3: The Generalized Mobile IP Authentication Extension


      Type            36 (not skippable) (see [7])

      Subtype         a number assigned to identify the kind of
                      endpoints or other characteristics of the
                      particular authentication strategy

      Length          4 plus the number of bytes in the Authenticator;
                      MUST be at least 20.

      SPI             Security Parameters Index

      Authenticator   The variable length Authenticator field

   In this document, only one subtype is defined:

      1               Mobile-AAA Authentication subtype (see section 6)


6. Mobile-AAA Authentication subtype

   The Generalized Authentication extension with subtype 1 will be
   referred to as a Mobile-AAA Authentication extension.  The mobile
   node MAY include a Mobile-AAA Authentication extension in any
   Registration Request.  This extension MAY co-exist in the same
   Registration Request with Authentication extensions defined for
   Mobile IP Registration by [7].  If the mobile node does not include a
   Mobile-Foreign Authentication [7] extension, then it MUST include the
   Mobile-AAA Authentication extension whenever the Challenge extension
   is present.  If both are present, the Mobile-AAA Authentication
   extension MUST precede the Mobile-Foreign Authentication extension.

   If the Mobile-AAA Authentication extension is present, then the
   Registration Message sent by the mobile node MUST contain the
   Mobile-Home Authentication extension [7] if it shares a security
   association with the home agent.  If both are present, the



Perkins, Calhoun, Bharatia       Expires 17 April  2004        [Page 12]

Internet Draft      Mobile IPv4 Challenge/Response      17 October  2003


   Mobile-Home Authentication Extension MUST appear prior to the
   Mobile-AAA Authentication extension.  The corresponding response
   MUST include the Mobile-Home Authentication Extension, and MUST NOT
   include the Mobile-AAA Authentication Extension.

   The default algorithm for computation of the authenticator is
   HMAC-MD5 [6] computed on the following data, in the order shown:

      Preceding Mobile IP data || Type, Subtype, Length, SPI

   where the Type, Length, Subtype, and SPI are as shown in section 5.
   The resulting function call, as described in [6], would be:

      hmac_md5(data, datalen, Key, KeyLength, authenticator);

   Each mobile node MUST support the ability to produce the
   authenticator by using HMAC-MD5 as shown.  Just as with Mobile IP,
   it must be possible to configure the use of any arbitrary 32-bit SPI
   outside of the SPIs in the reserved range 0-255 for selection of this
   default algorithm.


7. Reserved SPIs for Mobile IP

   Mobile IP defines several authentication extensions for use in
   Registration Requests and Replies.  Each authentication extension
   carries a Security Parameters Index (SPI) which should be used to
   index a table of security associations.  Values in the range 0 - 255
   are reserved for special use.  A list of reserved SPI numbers is to
   be maintained by IANA at the following URL:

      http://www.iana.org/numbers.html


8. SPIs for RADIUS AAA Servers

   Some AAA servers only admit a single security association, and thus
   do not use the SPI numbers for Mobile IP authentication extensions
   for use when determining the security association that would be
   necessary for verifying the authentication information included with
   the Authentication extension.

   SPI numbers CHAP_SPI and HMAC_CHAP_SPI (see section 9) are reserved
   for indicating the following procedure for computing authentication
   data (called the "authenticator"), which is used by many RADIUS
   servers [8] today.

   To compute the authenticator, apply MD5 [9] computed on the following
   data, in the order shown:



Perkins, Calhoun, Bharatia       Expires 17 April  2004        [Page 13]

Internet Draft      Mobile IPv4 Challenge/Response      17 October  2003


      High-order byte from Challenge || Key ||
      MD5(Preceding Mobile IP data ||
      Type, Subtype (if present), Length, SPI) ||
      Least-order 237 bytes from Challenge

   where the Type, Length, SPI, and possibly Subtype, are the fields
   of the authentication extension in use.  For instance, all four of
   these fields would be in use when SPI == (CHAP_SPI or HMAC_CHAP_SPI)
   is used with the Generalized Authentication extension.  The use
   of SPI number HMAC_CHAP_SPI indicates the use of HMAC_MD5 instead
   of MD5 in the above procedure.  Since the RADIUS protocol cannot
   carry attributes of length greater than 253, the preceding Mobile IP
   data, type, subtype (if present), length and SPI are hashed using
   MD5.  Finally, the least significant 237 bytes of the challenge
   are concatenated.  If the challenge has fewer than 238 bytes, this
   algorithm includes the high-order byte in the computation twice, but
   ensures that the challenge is used exactly as is.  Additional padding
   is never used to increase the length of the challenge; the input data
   is allowed to be shorter than 237 bytes long.

































Perkins, Calhoun, Bharatia       Expires 17 April  2004        [Page 14]

Internet Draft      Mobile IPv4 Challenge/Response      17 October  2003


9. Configurable Parameters

   Every Mobile IP agent supporting the extensions defined in this
   document SHOULD be able to configure each parameter in the following
   table.  Each table entry contains the name of the parameter, the
   default value, and the section of the document in which the parameter
   first appears.

      Parameter Name     Default Value   Section(s) of Document
      --------------     -------------   ----------------------
      CHALLENGE_WINDOW   2               3.2
      CHAP_SPI           2               8
      HMAC_CHAP_SPI      3               8



   Note that CHALLENGE_WINDOW SHOULD be at least 2.  This makes it far
   less likely that mobile nodes will register using a Challenge value
   that is outside the set of values allowable by the foreign agent.


10. Error Values

   Each entry in the following table contains the name of the Code [7]
   to be returned in a Registration Reply, the value for the Code,
   and the section in which the error is first mentioned in this
   specification.
      Error Name        Value   Section of Document
      ---------------------------   -------------------
      UNKNOWN_CHALLENGE 104     3.2
      BAD_AUTHENTICATION67      3.2 - also see [7]
      MISSING_CHALLENGE 105     3.1,3.2
      STALE_CHALLENGE   106     3.2
      FA_BAD_AAA_AUTH   TBD     3.2
      HA_BAD_AAA_AUTH   TBD     3.4




11. IANA Considerations

   All protocol values in this specification are to be the same as
   defined in RFC 3012 [3].  Additionaly, new Code values are defined by
   this document for FA_BAD_AAA_AUTH
   and HA_BAD_AAA_AUTH.







Perkins, Calhoun, Bharatia       Expires 17 April  2004        [Page 15]

Internet Draft      Mobile IPv4 Challenge/Response      17 October  2003


12. Security Considerations

   In the event that a malicious mobile node attempts to replay the
   authenticator for an old Mobile-Foreign Challenge, the Foreign
   Agent would detect it since the agent always checks whether it has
   recently advertised the Challenge (see section 3.2).  Allowing mobile
   nodes with different IP addresses or NAIs to use the same Challenge
   value does not represent a security vulnerability, because the
   authentication data provided by the mobile node will be computed over
   data that is different (at least by the bytes of the mobile nodes' IP
   addresses).

   If the foreign agent chooses a Challenge value (see section 2) with
   fewer than 4 bytes, the foreign agent SHOULD include the value of
   the Identification field in the records it maintains for the mobile
   node.  The foreign agent can then determine whether the Registration
   messages using the short Challenge value are in fact unique, and thus
   assuredly not replayed from any earlier registration.

   Section 8 (SPI For RADIUS AAA Servers) defines a method of computing
   the Generalized Mobile IP Authentication Extension's authenticator
   field using MD5 in a manner that is consistent with RADIUS [8].  The
   use of MD5 in the method described in Section 8 is less secure than
   HMAC-MD5 [6], and should be avoided whenever possible.

   Note that an active attacker may try to prevent successful
   registrations by sending a large number of Agent Solicitations or
   bogus Registration Requests, each of which could cause the FA to
   respond with a fresh challenge, invalidating the challenge that the
   MN is currently trying to use.  To prevent such attacks, the FA
   MUST NOT invalidate previously unused challenges when responding to
   unauthenticated Registration Requests or Agent Solicitations.  In
   addition, the FA MUST NOT allocate new storage when responding to
   such messages, because this would also create the possibility of
   denial of service.


13. Acknowledgments

   The authors would like to thank Tom Hiller, Mark Munson, the
   TIA TR45-6 WG, Gabriel Montenegro, Vipul Gupta, Pete McCann,
   Robert Marks, Ahmad Muhanna, and Luca Salgarelli for their useful
   discussions.  A recent draft by Mohamed Khalil, Raja Narayanan, Emad
   Qaddoura, and Haseeb Akhtar has also suggested the definition of a
   generalized authentication extension similar to the specification
   contained in section 5.






Perkins, Calhoun, Bharatia       Expires 17 April  2004        [Page 16]

Internet Draft      Mobile IPv4 Challenge/Response      17 October  2003


References

    [1] S. Bradner.  Key words for use in RFCs to Indicate Requirement
        Levels.  Request for Comments (Best Current Practice) 2119,
        Internet Engineering Task Force, March 1997.

    [2] P. Calhoun and C. Perkins.  Mobile IP Network Access Identifier
        Extension for IPv4.  Request for Comments (Proposed Standard)
        2794, Internet Engineering Task Force, January 2000.

    [3] P. Calhoun and C. E. Perkins.  Mobile IP Foreign Agent
        Challenge/Response Extension.  Request for Comments (Proposed
        Standard) 3012, Internet Engineering Task Force, December 2000.

    [4] S. Deering.  ICMP Router Discovery Messages.  Request for
        Comments (Proposed Standard) 1256, Internet Engineering Task
        Force, September 1991.

    [5] D. Eastlake, 3rd, S. Crocker, and J. Schiller.  Randomness
        Recommendations for Security.  Request for Comments
        (Informational) 1750, Internet Engineering Task Force, December
        1994.

    [6] H. Krawczyk, M. Bellare, and R. Canetti.  HMAC: Keyed-Hashing
        for Message Authentication.  Request for Comments
        (Informational) 2104, Internet Engineering Task Force,
        February 1997.

    [7] C. Perkins.  IP Mobility Support.  Request for Comments
        (Proposed Standard) 3344, Internet Engineering Task Force,
        August 2002.

    [8] C. Rigney, A. Rubens, W. Simpson, and S. Willens.  Remote
        Authentication Dial In User Service (RADIUS).  Request for
        Comments (Proposed Standard) 2138, Internet Engineering Task
        Force, April 1997.

    [9] R. Rivest.  The MD5 Message-Digest Algorithm.  Request for
        Comments (Informational) 1321, Internet Engineering Task Force,
        April 1992.

   [10] W. Simpson.  PPP Challenge Handshake Authentication Protocol
        (CHAP).  Request for Comments (Draft Standard) 1994, Internet
        Engineering Task Force, August 1996.

   All references are normative.






Perkins, Calhoun, Bharatia       Expires 17 April  2004        [Page 17]

Internet Draft      Mobile IPv4 Challenge/Response      17 October  2003


A. Change History

   List of the important changes for version 03.

    -  Foreign agent recommended to include a Challenge in every
       Registration Reply, so that mobile node can re-register without
       waiting for an Advertisement.

    -  Foreign agent MUST record applicable challenge values used by
       each mobile node

    -  Mobile node forbidden to use Challenge values which were
       advertised previous to the last Challenge value which it had used
       for a registration.

    -  terminology for stale challenge vs.  unused challenge clarified

    -  terminology for "valid" challenge deleted in favor of "unused
       challenge"

    -  Programming suggestion added as an appendix

   List of the important changes for version 04.

    -  The definition of "previously used challenge" is merged with
       "stale challenge" definition in section 1.1.

    -  Reference 7 is updated from RFC 3320 to RFC 3344 and reference 9
       is updated from RFC 2138 to RFC 2865 in "Reference" section.

    -  Reference to RFC 3344 is added in section 3.

    -  HMAC_CHAP_SPI option is added for Generalized Mobile IP
       Authentication extension.  Upon receipt of HMAC_CHAP_SPI,
       HMAC-MD5 is used instead of MD5 for computing the authenticator.

    -  Clarified processing of error messages at the mobile node
       (section 3.1).

    -  Modified text of section 2.1 and 3.2 for further clarity.

   List of the important changes for version 05.

    -  Added BAD_AAA_AUTHENTICATION_SET_BY_FA and
       BAD_AAA_AUTHENTICATION_SET_BY_HA error codes to report
       authentication errors caused while processing Mobile-AAA
       Authentication extension.





Perkins, Calhoun, Bharatia       Expires 17 April  2004        [Page 18]

Internet Draft      Mobile IPv4 Challenge/Response      17 October  2003


    -  Processing of the Mobile-AAA Authentication extension is
       clarified for the foreign agent and the Home Agent.

    -  Co-existence of the Mobile-AAA Authentication extension in the
       same Registration Request is made explicit.

    -  The situation in which the foreign agent sets MISSING_CHALLENGE
       is clarified further.

    -  The use of Mobile-AAA Authentication Extension is allowed by the
       Mobile Node with co-located care-of-address.

   List of the important changes for version 06.

    -  Minor editorial changes are made through out the document.

    -  Added definition of "previously used challenge" and removed
       definition of "stale challenge" from section 1.1.

    -  Renamed BAD_AAA_AUTHENTICATION_SET_BY_FA to FA_BAD_AAA_AUTH and
       BAD_AAA_AUTHENTICATION_SET_BY_HA to HA_BAD_AAA_AUTH.

    -  Defined an order of the Mobile-AAA Authentication extension
       received with the authentication extension(s) defined in RFC
       3344 [7].

    -  Added protection against bogus Registration Reply and Agent
       Advertisement.  Also, the processing of the Challenge is
       clarified if it is received in the multicast/unicast Agent
       Advertisement.


B. Verification Infrastructure

   The Challenge extensions in this protocol specification are expected
   to be useful to help the foreign agent manage connectivity for
   visiting mobile nodes, even in situations where the foreign agent
   does not have any security association with the mobile node or the
   mobile node's home agent.  In order to carry out the necessary
   authentication, it is expected that the foreign agent will need the
   assistance of external administrative systems, which have come to be
   called AAA systems.  For the purposes of this document, we call the
   external administrative support the "verification infrastructure".
   The verification infrastructure is described to motivate the design
   of the protocol elements defined in this document, and is not
   strictly needed for the protocol to work.  The foreign agent is free
   to use any means at its disposal to verify the credentials of the
   mobile node.  This could, for instance, rely on a separate protocol




Perkins, Calhoun, Bharatia       Expires 17 April  2004        [Page 19]

Internet Draft      Mobile IPv4 Challenge/Response      17 October  2003


   between the foreign agent and the Mobile IP home agent, and still be
   completely invisible to the mobile node.

   In order to verify the credentials of the mobile node, we imagine
   that the foreign agent has access to a verification infrastructure
   that can return a secure notification to the foreign agent that the
   authentication has been performed, along with the results of that
   authentication.  This infrastructure may be visualized as shown in
   figure 4.


            +----------------------------------------------------+
            |                                                    |
            |  Verification and Key Management Infrastructure    |
            |                                                    |
            +----------------------------------------------------+
                   ^ |                                  ^ |
                   | |                                  | |
                   | v                                  | v
            +---------------+                    +---------------+
            |               |                    |               |
            | foreign agent |                    |   home agent  |
            |               |                    |               |
            +---------------+                    +---------------+


               Figure 4: The Verification Infrastructure



   After the foreign agent gets the Challenge authentication, it MAY
   pass the authentication to the (here unspecified) infrastructure,
   and await a Registration Reply.  If the Reply has a positive status
   (indicating that the registration was accepted), the foreign agent
   accepts the registration.  If the Reply contains the Code value
   BAD_AUTHENTICATION (see Section 10), the foreign agent takes actions
   indicated for rejected registrations.

   Implicit in this picture, is the important observation that the
   foreign agent and the home agent have to be equipped to make use
   of whatever protocol is made available to them by the challenge
   verification and key management infrastructure shown in the figure.

   The protocol messages for handling the authentication within the
   verification infrastructure, and identity of the agent performing the
   verification of the foreign agent challenge, are not specified in
   this document, because those operations do not have to be performed
   by any Mobile IP entity.




Perkins, Calhoun, Bharatia       Expires 17 April  2004        [Page 20]

Internet Draft      Mobile IPv4 Challenge/Response      17 October  2003


C. Message Flow for FA Challenge Messaging with Mobile-AAA Extension


    MN                  FA                   Verification     home agent
     |<-- Adv+Challenge--|                  Infrastructure          |
     |    (if needed)    |                         |                |
     |                   |                         |                |
     |-- RReq+Challenge->|                         |                |
     |    + Auth.Ext.    |                         |                |
     |                   |   Auth. Request, incl.  |                |
     |                   |--- RReq + Challenge --->|                |
     |                   |      + Auth.Ext         |   RReq +       |
     |                   |                         |-- Challenge -->|
     |                   |                         |                |
     |                   |                         |                |
     |                   |                         |<--- RRep ----- |
     |                   |   Authorization, incl.  |                |
     |                   |<-- RRep + Auth.Ext.-----|                |
     |                   |                         |                |
     |<-- RRep+Auth.Ext--|                         |                |
     |  + New Challenge  |                         |                |


           Figure 5: Message Flows for FA Challenge Messaging


   In figure 5, the following informational message flow is illustrated:

    1. The foreign agent disseminates a Challenge Value in an Agent
       Advertisement if needed.  This advertisement MAY have been
       produced after receiving an Agent Solicitation from the mobile
       node (not shown in the diagram).

    2. The mobile node creates a Registration Request including the
       advertised Challenge Value in the Challenge Extension, along with
       an Mobile-AAA authentication extension.

    3. The foreign agent relays the Registration Request either to
       the home agent specified by the mobile node, or else to its
       locally configured Verification Infrastructure (see appendix B),
       according to local policy.

    4. The foreign agent receives a Registration Reply with the
       appropriate indications for authorizing connectivity for the
       mobile node.

    5. The foreign agent relays the Registration Reply to the mobile
       node, possibly along with a new Challenge Value to be used by the
       mobile node in its next Registration Reply message.



Perkins, Calhoun, Bharatia       Expires 17 April  2004        [Page 21]

Internet Draft      Mobile IPv4 Challenge/Response      17 October  2003


D. Message Flow for FA Challenge Messaging with MN-FA Authentication


         MN                  FA                     home agent
          |<-- Adv+Challenge--|                         |
          |    (if needed)    |                         |
          |                   |                         |
          |-- RReq+Challenge->|                         |
          |    + Auth.Ext.    |                         |
          |                   |--- RReq + Challenge --->|
          |                   |   + HA-FA Auth.Ext      |
          |                   |                         |
          |                   |<-- RRep + Challenge ----|
          |                   |   + HA-FA Auth.Ext      |
          |                   |                         |
          |<-- RRep+Auth.Ext--|                         |
          |  + New Challenge  |                         |


           Figure 6: Message Flows for FA Challenge Messaging
                       with MN-FA Authentication


   In figure 6, the following informational message flow is illustrated:

    1. The foreign agent disseminates a Challenge Value in an Agent
       Advertisement if needed.  This advertisement MAY have been
       produced after receiving an Agent Solicitation from the mobile
       node (not shown in the diagram).

    2. The mobile node creates a Registration Request including the
       advertised Challenge Value in the Challenge Extension, along with
       an Mobile-Foreign Authentication extension.

    3. The foreign agent relays the Registration Request to the home
       agent specified by the mobile node.

    4. The foreign agent receives a Registration Reply with the
       appropriate indications for authorizing connectivity for the
       mobile node.

    5. The foreign agent relays the Registration Reply to the mobile
       node, possibly along with a new Challenge Value to be used by the
       mobile node in its next Registration Reply message.  If the Reply
       contains the Code value HA_BAD_AAA_AUTH (see Section 10), the
       foreign agent takes actions indicated for rejected registrations.






Perkins, Calhoun, Bharatia       Expires 17 April  2004        [Page 22]

Internet Draft      Mobile IPv4 Challenge/Response      17 October  2003


E. Foreign Agent Algorithm for Tracking Used Challenges

   If the foreign agent maintains a large CHALLENGE_WINDOW, it becomes
   more important for scalability purposes to efficiently compare
   incoming challenges against the set of Challenge values which have
   been advertised recently.  This can be done by keeping the Challenge
   values in order of advertisement, and by making use of the mandated
   behavior that mobile nodes MUST NOT use Challenge values which were
   advertised before the last advertised Challenge value that the mobile
   node has attempted to use.  The following stylized programmatic
   algorithm accomplishes this objective.  The maximum amount of total
   storage required by this algorithm is equal to Size*(CHALLENGE_WINDOW
   + (2*N)), where N is the current number of mobile nodes for which the
   foreign agent is storing challenge values.  Note that, whenever the
   stored challenge value is no longer in the CHALLENGE_WINDOW, it can
   be deleted from the foreign agent's records, perhaps along with all
   other registration information for the mobile node if it is no longer
   registered.

   In the program fragment, it is presumed that the foreign agent
   keeps an array of advertised Challenges ("VALID_ADV_CHALLENGES"), a
   record of the last advertised challenge used by a mobile node, and
   also a record of the last challenge provided to a mobile node in a
   Registration Reply or unicast Agent Advertisement.

   To meet the security obligations outlined in Section 12, the FA
   SHOULD use one of the already stored, previously unused challenges
   when responding to an unauthenticated Registration Request or
   Agent Solicitation.  If none of the already stored challenges are
   previously unused, the FA SHOULD generate a new challenge, include it
   in the response, and store it in the per-Mobile data structure.

   current_chal := RegistrationRequest.challenge_extension_value
   last_chal := mobile_node_record.last_used_adv_chal

   if (current_chal == mobile_node_record.RegReply_challenge) {
        update (mobile_node_record, current_chal)
        return (OK)
   }
   else if (current_chal "among" VALID_ADV_CHALLENGES[]{
        if (last_chal "among" VALID_ADV_CHALLENGES[]) {
                if (current_chal is "before" last_chal) {
                        send_error(STALE_CHALLENGE)
                        return (FAILURE)
                }
                else {
                        update (mobile_node_record, current_chal)
                        return (OK)
                }



Perkins, Calhoun, Bharatia       Expires 17 April  2004        [Page 23]

Internet Draft      Mobile IPv4 Challenge/Response      17 October  2003


        }
        else {
                update (mobile_node_record, current_chal)
                return (OK)

        }
   }
   else {
        send_error(UNKNOWN_CHALLENGE);
   }










































Perkins, Calhoun, Bharatia       Expires 17 April  2004        [Page 24]

Internet Draft      Mobile IPv4 Challenge/Response      17 October  2003


Addresses

   Questions about this memo can be directed to the authors:


     Charles E. Perkins                Pat R. Calhoun
     Communications Systems Lab
     Nokia Research Center             Airespace Networks
     313 Fairchild Drive               110 Nortech Parkway
     Mountain View, California 94043   San Jose, CA 95134
     USA                               USA
     Phone: +1-650 625-2986            Phone:  +1 408 635 2000
     EMail: charles.perkins@nokia.com  Email:  pcalhoun@diameter.org
     Fax:  +1 650 625-2502             Fax:  +1 720-293-7501


     Jayshree Bharatia
     Nortel Networks
     2221, Lakeside Blvd.
     Richardson, TX, 75082
     USA
     Phone:  +1 972-684-5767
     Email:  jayshree@nortelnetworks.com
     Fax:  +1 972-684-3775




























Perkins, Calhoun, Bharatia       Expires 17 April  2004        [Page 25]


Html markup produced by rfcmarkup 1.109, available from https://tools.ietf.org/tools/rfcmarkup/