draft-ietf-mext-flow-binding-07.txt   draft-ietf-mext-flow-binding-08.txt 
skipping to change at page 1, line 16 skipping to change at page 1, line 16
Intended status: Standards Track Elevate Technologies Intended status: Standards Track Elevate Technologies
Expires: February 17, 2011 N. Montavont Expires: February 17, 2011 N. Montavont
IT/TB IT/TB
G. Giaretta G. Giaretta
Qualcomm Qualcomm
K. Kuladinithi K. Kuladinithi
University of Bremen University of Bremen
August 16, 2010 August 16, 2010
Flow Bindings in Mobile IPv6 and NEMO Basic Support Flow Bindings in Mobile IPv6 and NEMO Basic Support
draft-ietf-mext-flow-binding-07.txt draft-ietf-mext-flow-binding-08.txt
Abstract Abstract
This document introduces extensions to Mobile IPv6 that allow nodes This document introduces extensions to Mobile IPv6 that allow nodes
to bind one or more flows to a care-of address. These extensions to bind one or more flows to a care-of address. These extensions
allow multihomed nodes to instruct home agents and other Mobile IPv6 allow multihomed nodes to instruct home agents and other Mobile IPv6
entities to direct inbound flows to specific addresses. entities to direct inbound flows to specific addresses.
Status of this Memo Status of this Memo
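Review bot: The front-page date and expiry lines are identical in both columns ("August 16, 2010", "Expires: February 17, 2011") although the draft name moves from -07 to -08. If -08 was submitted on a later day, both lines need updating so the expiry is computed from the new date. If the two revisions really were posted on the same day, no change is needed, but it is worth confirming.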
skipping to change at page 33, line 8 skipping to change at page 33, line 8
Section 4.2.1.4. Implementations are encouradged to keep binding Section 4.2.1.4. Implementations are encouradged to keep binding
updates to sizes below than that of the path's MTU by making full use updates to sizes below than that of the path's MTU by making full use
of BID Reference Section 4.2.1.3 and FID Summary Section 4.2.2 sub- of BID Reference Section 4.2.1.3 and FID Summary Section 4.2.2 sub-
options, which allows them to refer to already registered care-off options, which allows them to refer to already registered care-off
addresses and flows, while registering new ones in subsequent binding addresses and flows, while registering new ones in subsequent binding
update messages. update messages.
7. Security considerations 7. Security considerations
This draft introduces a new option that adds more granularity to the This draft introduces a new option that adds more granularity to the
binding update and acknowledgement messages defined in [RFC3775], , binding update and acknowledgement messages defined in [RFC3775],
and [RFC5555] [RFC3963], and as such inherits the security [RFC5555], and [RFC3963], so it inherits the security considerations
considerations discussed in these documents. The new option allows discussed in these documents. The new option allows the mobile node
the mobile node to associate some flows to one interface and other to associate some flows to one interface and other flows to another
flows to another interface. Since the flow identification mobility interface. Since the flow identification mobility option is part of
option is part of the mobility header, it uses the same security as the mobility header, it uses the same security as the Binding Update,
the Binding Update, whether it is sent to a mobility agent, or to a whether it is sent to a mobility agent, or to a correspondent node.
correspondent node.
This specification does not open up new fundamental lines of attack This specification does not open up new fundamental lines of attack
on communications between the MN and its correspondent nodes. on communications between the MN and its correspondent nodes.
However, it allows attacks of a finer granularity than those on the However, it allows attacks of a finer granularity than those on the
binding update. For instance, the attacker can divert or replicate binding update. For instance, the attacker can divert or replicate
flows of special interest to the attacker to an address of the flows of special interest to the attacker to an address of the
attacker's choosing, if the attacker is able to impersonate the MN or attacker's choosing, if the attacker is able to impersonate the MN or
modify a binding update sent by the MN. Hence it becomes doubly modify a binding update sent by the MN. Hence it becomes doubly
critical that authentication and integrity services are applied to critical that authentication and integrity services are applied to
binding updates. binding updates.
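Review bot: The closing paragraph of Section 7 says it "becomes doubly critical that authentication and integrity services are applied to binding updates", but in the text shown this is an observation, not a requirement. The first paragraph likewise only says the option "uses the same security as the Binding Update". Since the section itself notes that a forged or modified binding update lets an attacker divert or replicate individual flows, consider stating normatively that a receiver does not act on flow identification options unless the carrying binding update passed the authentication and integrity checks required by the referenced documents, and say whether that applies equally to home agents and correspondent nodes. The citation cleanup to "[RFC3775], [RFC5555], and [RFC3963]" reads correctly. The unchanged context above Section 7 still has "encouradged", "below than that" and "care-off" in both columns, and those can be fixed in the same pass.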
 End of changes. 2 change blocks. 
9 lines changed or deleted 8 lines changed or added

This html diff was produced by rfcdiff 1.38. The latest version is available from http://tools.ietf.org/tools/rfcdiff/