draft-ietf-mext-rfc3775bis-09.txt   draft-ietf-mext-rfc3775bis-10.txt 
IETF Mobile IP Working Group C. Perkins (Ed.) IETF Mobile IP Working Group C. Perkins (Ed.)
Internet-Draft Tellabs Inc. Internet-Draft Tellabs Inc.
Obsoletes: 3775 (if approved) D. Johnson Obsoletes: 3775 (if approved) D. Johnson
Intended status: Standards Track Rice University Intended status: Standards Track Rice University
Expires: April 8, 2011 J. Arkko Expires: April 16, 2011 J. Arkko
Ericsson Ericsson
Oct 05, 2010 Oct 13, 2010
Mobility Support in IPv6 Mobility Support in IPv6
draft-ietf-mext-rfc3775bis-09.txt draft-ietf-mext-rfc3775bis-10.txt
Abstract Abstract
This document specifies Mobile IPv6, a protocol which allows nodes to This document specifies Mobile IPv6, a protocol which allows nodes to
remain reachable while moving around in the IPv6 Internet. Each remain reachable while moving around in the IPv6 Internet. Each
mobile node is always identified by its home address, regardless of mobile node is always identified by its home address, regardless of
its current point of attachment to the Internet. While situated away its current point of attachment to the Internet. While situated away
from its home, a mobile node is also associated with a care-of from its home, a mobile node is also associated with a care-of
address, which provides information about the mobile node's current address, which provides information about the mobile node's current
location. IPv6 packets addressed to a mobile node's home address are location. IPv6 packets addressed to a mobile node's home address are
skipping to change at page 1, line 46 skipping to change at page 1, line 46
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on April 8, 2011. This Internet-Draft will expire on April 16, 2011.
Copyright Notice Copyright Notice
Copyright (c) 2010 IETF Trust and the persons identified as the Copyright (c) 2010 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
skipping to change at page 9, line 9 skipping to change at page 9, line 9
This document obsoletes RFC 3775. Issues with the original document This document obsoletes RFC 3775. Issues with the original document
have been observed during integration, testing and deployment of RFC have been observed during integration, testing and deployment of RFC
3775. A more detailed list of the changes since RFC 3775 may be 3775. A more detailed list of the changes since RFC 3775 may be
found in Appendix B. found in Appendix B.
2. Comparison with Mobile IP for IPv4 2. Comparison with Mobile IP for IPv4
The design of Mobile IP support in IPv6 (Mobile IPv6) benefits both The design of Mobile IP support in IPv6 (Mobile IPv6) benefits both
from the experiences gained from the development of Mobile IP support from the experiences gained from the development of Mobile IP support
in IPv4 (Mobile IPv4) [30] [23] [24], and from the opportunities in IPv4 (Mobile IPv4) [31] [24] [25], and from the opportunities
provided by IPv6. Mobile IPv6 thus shares many features with Mobile provided by IPv6. Mobile IPv6 thus shares many features with Mobile
IPv4, but is integrated into IPv6 and offers many other improvements. IPv4, but is integrated into IPv6 and offers many other improvements.
This section summarizes the major differences between Mobile IPv4 and This section summarizes the major differences between Mobile IPv4 and
Mobile IPv6: Mobile IPv6:
o There is no need to deploy special routers as "foreign agents", as o There is no need to deploy special routers as "foreign agents", as
in Mobile IPv4. Mobile IPv6 operates in any location without any in Mobile IPv4. Mobile IPv6 operates in any location without any
special support required from the local router. special support required from the local router.
o Support for route optimization is a fundamental part of the o Support for route optimization is a fundamental part of the
protocol, rather than a nonstandard set of extensions. protocol, rather than a nonstandard set of extensions.
o Mobile IPv6 route optimization can operate securely even without o Mobile IPv6 route optimization can operate securely even without
pre-arranged security associations. It is expected that route pre-arranged security associations. It is expected that route
optimization can be deployed on a global scale between all mobile optimization can be deployed on a global scale between all mobile
nodes and correspondent nodes. nodes and correspondent nodes.
o Support is also integrated into Mobile IPv6 for allowing route o Support is also integrated into Mobile IPv6 for allowing route
optimization to coexist efficiently with routers that perform optimization to coexist efficiently with routers that perform
"ingress filtering" [26]. "ingress filtering" [27].
o The IPv6 Neighbor Unreachability Detection assures symmetric o The IPv6 Neighbor Unreachability Detection assures symmetric
reachability between the mobile node and its default router in the reachability between the mobile node and its default router in the
current location. current location.
o Most packets sent to a mobile node while away from home in Mobile o Most packets sent to a mobile node while away from home in Mobile
IPv6 are sent using an IPv6 routing header rather than IP IPv6 are sent using an IPv6 routing header rather than IP
encapsulation, reducing the amount of resulting overhead compared encapsulation, reducing the amount of resulting overhead compared
to Mobile IPv4. to Mobile IPv4.
skipping to change at page 12, line 21 skipping to change at page 12, line 21
First (size, input) First (size, input)
Some formulas in this specification use a functional form "First Some formulas in this specification use a functional form "First
(size, input)" to indicate truncation of the "input" data so that (size, input)" to indicate truncation of the "input" data so that
only the first "size" bits remain to be used. only the first "size" bits remain to be used.
3.2. Mobile IPv6 Terms 3.2. Mobile IPv6 Terms
These terms are intended to be compatible with the definitions given These terms are intended to be compatible with the definitions given
in RFC 3753[37]. However, if there is any conflict, the definitions in RFC 3753[38]. However, if there is any conflict, the definitions
given here should be considered to supersede those in RFC 3753. given here should be considered to supersede those in RFC 3753.
home address home address
A unicast routable address assigned to a mobile node, used as the A unicast routable address assigned to a mobile node, used as the
permanent address of the mobile node. This address is within the permanent address of the mobile node. This address is within the
mobile node's home link. Standard IP routing mechanisms will mobile node's home link. Standard IP routing mechanisms will
deliver packets destined for a mobile node's home address to its deliver packets destined for a mobile node's home address to its
home link. Mobile nodes can have multiple home addresses, for home link. Mobile nodes can have multiple home addresses, for
instance when there are multiple home prefixes on the home link. instance when there are multiple home prefixes on the home link.
skipping to change at page 18, line 14 skipping to change at page 18, line 14
This document is written under the assumption that the mobile node is This document is written under the assumption that the mobile node is
configured with the home prefix for the mobile node to be able to configured with the home prefix for the mobile node to be able to
discover a home agent and configure a home address. This might be discover a home agent and configure a home address. This might be
limiting in deployments where the home agent and the home address for limiting in deployments where the home agent and the home address for
the mobile node needs to be assigned dynamically. Additional the mobile node needs to be assigned dynamically. Additional
mechanisms have been specified for the mobile node to dynamically mechanisms have been specified for the mobile node to dynamically
configure a home agent, a home address and the home prefix. These configure a home agent, a home address and the home prefix. These
mechanisms are described in "Mobile IPv6 Bootstrapping in Split mechanisms are described in "Mobile IPv6 Bootstrapping in Split
Scenario" [21] and "MIP6 bootstrapping for the Integrated Scenario" Scenario" [21] and "MIP6 bootstrapping for the Integrated Scenario"
[34]. [35].
4.2. New IPv6 Protocol 4.2. New IPv6 Protocol
Mobile IPv6 defines a new IPv6 protocol, using the Mobility Header Mobile IPv6 defines a new IPv6 protocol, using the Mobility Header
(see Section 6.1). This Header is used to carry the following (see Section 6.1). This Header is used to carry the following
messages: messages:
Home Test Init Home Test Init
Home Test Home Test
skipping to change at page 23, line 5 skipping to change at page 23, line 5
agent. In order to make this possible, it is necessary that the home agent. In order to make this possible, it is necessary that the home
address of the mobile node is visible in the Binding Updates and address of the mobile node is visible in the Binding Updates and
Acknowledgements. The home address is used in these packets as a Acknowledgements. The home address is used in these packets as a
source or destination, or in the Home Address destination option or source or destination, or in the Home Address destination option or
the type 2 routing header. the type 2 routing header.
As with all IPsec security associations in this specification, manual As with all IPsec security associations in this specification, manual
configuration of security associations MUST be supported. The shared configuration of security associations MUST be supported. The shared
secrets used MUST be random and unique for different mobile nodes, secrets used MUST be random and unique for different mobile nodes,
and MUST be distributed off-line to the mobile nodes. Automatic key and MUST be distributed off-line to the mobile nodes. Automatic key
management with IKEv2 [43] MAY be supported as described in [19]. management with IKEv2 [23] MAY be supported as described in [19].
Section 11.3.2 discusses how IKEv2 connections to the home agent need Section 11.3.2 discusses how IKEv2 connections to the home agent need
a careful treatment of the addresses used for transporting IKEv2. a careful treatment of the addresses used for transporting IKEv2.
This is necessary to ensure that a Binding Update is not needed This is necessary to ensure that a Binding Update is not needed
before the IKEv2 exchange which is needed for securing the Binding before the IKEv2 exchange which is needed for securing the Binding
Update. Update.
More detailed descriptions and examples using IPsec to protect More detailed descriptions and examples using IPsec to protect
communications between the mobile node and the home agent have been communications between the mobile node and the home agent have been
published [11][19]. published [11][19].
skipping to change at page 23, line 33 skipping to change at page 23, line 33
routability procedure is used to assure that the right mobile node is routability procedure is used to assure that the right mobile node is
sending the message. This method does not protect against attackers sending the message. This method does not protect against attackers
who are on the path between the home network and the correspondent who are on the path between the home network and the correspondent
node. However, attackers in such a location are capable of node. However, attackers in such a location are capable of
performing the same attacks even without Mobile IPv6. The main performing the same attacks even without Mobile IPv6. The main
advantage of the return routability procedure is that it limits the advantage of the return routability procedure is that it limits the
potential attackers to those having an access to one specific path in potential attackers to those having an access to one specific path in
the Internet, and avoids forged Binding Updates from anywhere else in the Internet, and avoids forged Binding Updates from anywhere else in
the Internet. For a more in depth explanation of the security the Internet. For a more in depth explanation of the security
properties of the return routability procedure, see Section 15. properties of the return routability procedure, see Section 15.
Also, consult [40] Also, consult [41]
The integrity and authenticity of the Binding Update messages to The integrity and authenticity of the Binding Update messages to
correspondent nodes is protected by using a keyed-hash algorithm. correspondent nodes is protected by using a keyed-hash algorithm.
The binding management key, Kbm, is used to key the hash algorithm The binding management key, Kbm, is used to key the hash algorithm
for this purpose. Kbm is established using data exchanged during the for this purpose. Kbm is established using data exchanged during the
return routability procedure. The data exchange is accomplished by return routability procedure. The data exchange is accomplished by
use of node keys, nonces, cookies, tokens, and certain cryptographic use of node keys, nonces, cookies, tokens, and certain cryptographic
functions. Section 5.2.5 outlines the basic return routability functions. Section 5.2.5 outlines the basic return routability
procedure. Section 5.2.6 shows how the results of this procedure are procedure. Section 5.2.6 shows how the results of this procedure are
used to authorize a Binding Update to a correspondent node. used to authorize a Binding Update to a correspondent node.
skipping to change at page 25, line 34 skipping to change at page 25, line 34
Home and care-of keygen tokens are produced by the correspondent node Home and care-of keygen tokens are produced by the correspondent node
based on its currently active secret key (Kcn) and nonces, as well as based on its currently active secret key (Kcn) and nonces, as well as
the home or care-of address (respectively). A keygen token is valid the home or care-of address (respectively). A keygen token is valid
as long as both the secret key (Kcn) and the nonce used to create it as long as both the secret key (Kcn) and the nonce used to create it
are valid. are valid.
5.2.4. Cryptographic Functions 5.2.4. Cryptographic Functions
By default in this specification, the function used to compute hash By default in this specification, the function used to compute hash
values is SHA1 [10]. Message Authentication Codes (MACs) are then values is SHA1 [10]. Message Authentication Codes (MACs) are then
computed using HMAC_SHA1 [25][10]. HMAC_SHA1(K,m) denotes such a MAC computed using HMAC_SHA1 [26][10]. HMAC_SHA1(K,m) denotes such a MAC
computed on message m with key K. computed on message m with key K.
5.2.5. Return Routability Procedure 5.2.5. Return Routability Procedure
The Return Routability Procedure enables the correspondent node to The Return Routability Procedure enables the correspondent node to
obtain some reasonable assurance that the mobile node is in fact obtain some reasonable assurance that the mobile node is in fact
addressable at its claimed care-of address as well as at its home addressable at its claimed care-of address as well as at its home
address. Only with this assurance is the correspondent node able to address. Only with this assurance is the correspondent node able to
accept Binding Updates from the mobile node which would then instruct accept Binding Updates from the mobile node which would then instruct
the correspondent node to direct that mobile node's data traffic to the correspondent node to direct that mobile node's data traffic to
skipping to change at page 34, line 41 skipping to change at page 34, line 41
the following we define the security measures taken to protect these, the following we define the security measures taken to protect these,
and to prevent their use in attacks against other parties. and to prevent their use in attacks against other parties.
This specification limits the use of the Home Address destination This specification limits the use of the Home Address destination
option to the situation where the correspondent node already has a option to the situation where the correspondent node already has a
Binding Cache entry for the given home address. This avoids the use Binding Cache entry for the given home address. This avoids the use
of the Home Address option in attacks described in Section 15.1. of the Home Address option in attacks described in Section 15.1.
Mobile IPv6 uses a type of routing header specific to Mobile IPv6. Mobile IPv6 uses a type of routing header specific to Mobile IPv6.
This type provides the necessary functionality but does not open This type provides the necessary functionality but does not open
vulnerabilities discussed in Section 15.1 and RFC 5095 [42]. vulnerabilities discussed in Section 15.1 and RFC 5095 [43].
Tunnels between the mobile node and the home agent are protected by Tunnels between the mobile node and the home agent are protected by
ensuring proper use of source addresses, and optional cryptographic ensuring proper use of source addresses, and optional cryptographic
protection. The mobile node verifies that the outer IP address protection. The mobile node verifies that the outer IP address
corresponds to its home agent. The home agent verifies that the corresponds to its home agent. The home agent verifies that the
outer IP address corresponds to the current location of the mobile outer IP address corresponds to the current location of the mobile
node (Binding Updates sent to the home agents are secure). The home node (Binding Updates sent to the home agents are secure). The home
agent identifies the mobile node through the source address of the agent identifies the mobile node through the source address of the
inner packet. (Typically, this is the home address of the mobile inner packet. (Typically, this is the home address of the mobile
node, but it can also be a link-local address, as discussed in node, but it can also be a link-local address, as discussed in
skipping to change at page 47, line 38 skipping to change at page 47, line 38
137 Expired care-of nonce index 137 Expired care-of nonce index
138 Expired nonces 138 Expired nonces
139 Registration type change disallowed 139 Registration type change disallowed
TBD Invalid Care-of Address TBD Invalid Care-of Address
Up-to-date values of the Status field are to be specified in the Up-to-date values of the Status field are to be specified in the
IANA registry of assigned numbers [28]. IANA registry of assigned numbers [29].
Key Management Mobility Capability (K) Key Management Mobility Capability (K)
If this bit is cleared, the protocol used by the home agent for If this bit is cleared, the protocol used by the home agent for
establishing the IPsec security associations between the mobile establishing the IPsec security associations between the mobile
node and the home agent does not survive movements. It may then node and the home agent does not survive movements. It may then
have to be rerun. (Note that the IPsec security associations have to be rerun. (Note that the IPsec security associations
themselves are expected to survive movements.) themselves are expected to survive movements.)
Correspondent nodes MUST set the K bit to 0. Correspondent nodes MUST set the K bit to 0.
skipping to change at page 59, line 13 skipping to change at page 59, line 13
routing headers. routing headers.
6.5. ICMP Home Agent Address Discovery Request Message 6.5. ICMP Home Agent Address Discovery Request Message
The ICMP Home Agent Address Discovery Request message is used by a The ICMP Home Agent Address Discovery Request message is used by a
mobile node to initiate the dynamic home agent address discovery mobile node to initiate the dynamic home agent address discovery
mechanism, as described in Section 11.4.1. The mobile node sends the mechanism, as described in Section 11.4.1. The mobile node sends the
Home Agent Address Discovery Request message to the Mobile IPv6 Home- Home Agent Address Discovery Request message to the Mobile IPv6 Home-
Agents anycast address [7] for its own home subnet prefix. (Note Agents anycast address [7] for its own home subnet prefix. (Note
that the currently defined anycast addresses may not work with all that the currently defined anycast addresses may not work with all
prefix lengths other than those defined in RFC 4291 [15] [35].) prefix lengths other than those defined in RFC 4291 [15] [36].)
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Code | Checksum | | Type | Code | Checksum |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Identifier | Reserved | | Identifier | Reserved |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type Type
skipping to change at page 78, line 24 skipping to change at page 78, line 24
o The node MUST allow route optimization to be administratively o The node MUST allow route optimization to be administratively
enabled or disabled. The default SHOULD be enabled. enabled or disabled. The default SHOULD be enabled.
o The node MAY support the multicast address listener part of a o The node MAY support the multicast address listener part of a
multicast group membership protocol as described in multicast group membership protocol as described in
Section 11.3.4. If this support is provided, the mobile node MUST Section 11.3.4. If this support is provided, the mobile node MUST
be able to receive tunneled multicast packets from the home agent. be able to receive tunneled multicast packets from the home agent.
o The node MAY support stateful address autoconfiguration mechanisms o The node MAY support stateful address autoconfiguration mechanisms
such as DHCPv6 [29] on the interface represented by the tunnel to such as DHCPv6 [30] on the interface represented by the tunnel to
the home agent. the home agent.
9. Correspondent Node Operation 9. Correspondent Node Operation
9.1. Conceptual Data Structures 9.1. Conceptual Data Structures
IPv6 nodes with route optimization support maintain a Binding Cache IPv6 nodes with route optimization support maintain a Binding Cache
of bindings for other nodes. A separate Binding Cache SHOULD be of bindings for other nodes. A separate Binding Cache SHOULD be
maintained by each IPv6 node for each of its unicast routable maintained by each IPv6 node for each of its unicast routable
addresses. The Binding Cache MAY be implemented in any manner addresses. The Binding Cache MAY be implemented in any manner
skipping to change at page 89, line 37 skipping to change at page 89, line 37
index, sequence number being out of window (Section 9.5.1), or index, sequence number being out of window (Section 9.5.1), or
insufficiency of resources (Section 9.5.2), a Binding insufficiency of resources (Section 9.5.2), a Binding
Acknowledgement MUST be sent. If the node accepts the Binding Acknowledgement MUST be sent. If the node accepts the Binding
Update, the Binding Acknowledgement SHOULD NOT be sent. Update, the Binding Acknowledgement SHOULD NOT be sent.
If the node accepts the Binding Update and creates or updates an If the node accepts the Binding Update and creates or updates an
entry for this binding, the Status field in the Binding entry for this binding, the Status field in the Binding
Acknowledgement MUST be set to a value less than 128. Otherwise, the Acknowledgement MUST be set to a value less than 128. Otherwise, the
Status field MUST be set to a value greater than or equal to 128. Status field MUST be set to a value greater than or equal to 128.
Values for the Status field are described in Section 6.1.8 and in the Values for the Status field are described in Section 6.1.8 and in the
IANA registry of assigned numbers [28]. IANA registry of assigned numbers [29].
If the Status field in the Binding Acknowledgement contains the value If the Status field in the Binding Acknowledgement contains the value
136 (expired home nonce index), 137 (expired care-of nonce index), or 136 (expired home nonce index), 137 (expired care-of nonce index), or
138 (expired nonces) then the message MUST NOT include the Binding 138 (expired nonces) then the message MUST NOT include the Binding
Authorization Data mobility option. Otherwise, the Binding Authorization Data mobility option. Otherwise, the Binding
Authorization Data mobility option MUST be included, and MUST meet Authorization Data mobility option MUST be included, and MUST meet
the specific authentication requirements for Binding Acknowledgements the specific authentication requirements for Binding Acknowledgements
as defined in Section 5.2. as defined in Section 5.2.
If the Source Address field of the IPv6 header that carried the If the Source Address field of the IPv6 header that carried the
skipping to change at page 101, line 43 skipping to change at page 101, line 43
forwarding, described in the previous section. If this support is forwarding, described in the previous section. If this support is
not provided, multicast group membership control messages are not provided, multicast group membership control messages are
silently ignored. silently ignored.
In order to forward multicast data packets from the home network to In order to forward multicast data packets from the home network to
all the proper mobile nodes, the home agent SHOULD be capable of all the proper mobile nodes, the home agent SHOULD be capable of
receiving tunneled multicast group membership control information receiving tunneled multicast group membership control information
from the mobile node in order to determine which groups the mobile from the mobile node in order to determine which groups the mobile
node has subscribed to. These multicast group membership messages node has subscribed to. These multicast group membership messages
are Listener Report messages specified in MLD [8] or in other are Listener Report messages specified in MLD [8] or in other
protocols such as [38]. protocols such as [39].
The messages are issued by the mobile node, but sent through the The messages are issued by the mobile node, but sent through the
reverse tunnel to the home agent. These messages are issued whenever reverse tunnel to the home agent. These messages are issued whenever
the mobile node decides to enable reception of packets for a the mobile node decides to enable reception of packets for a
multicast group or in response to an MLD Query from the home agent. multicast group or in response to an MLD Query from the home agent.
The mobile node will also issue multicast group control messages to The mobile node will also issue multicast group control messages to
disable reception of multicast packets when it is no longer disable reception of multicast packets when it is no longer
interested in receiving multicasts for a particular group. interested in receiving multicasts for a particular group.
To obtain the mobile node's current multicast group membership the To obtain the mobile node's current multicast group membership the
skipping to change at page 102, line 42 skipping to change at page 102, line 42
section and the multicast forwarding in Section 10.4.2 are to be section and the multicast forwarding in Section 10.4.2 are to be
achieved. At the time of this writing it was thought that a full achieved. At the time of this writing it was thought that a full
IPv6 multicast router function would be necessary on the home agent, IPv6 multicast router function would be necessary on the home agent,
but it may be possible to achieve the same effects through a "proxy but it may be possible to achieve the same effects through a "proxy
MLD" application coupled with kernel multicast forwarding. This may MLD" application coupled with kernel multicast forwarding. This may
be the subject of future specifications. be the subject of future specifications.
10.4.4. Stateful Address Autoconfiguration 10.4.4. Stateful Address Autoconfiguration
This section describes how home agents support the use of stateful This section describes how home agents support the use of stateful
address autoconfiguration mechanisms such as DHCPv6 [29] from the address autoconfiguration mechanisms such as DHCPv6 [30] from the
mobile nodes. If this support is not provided, then the M and O bits mobile nodes. If this support is not provided, then the M and O bits
must remain cleared on the Mobile Prefix Advertisement Messages. Any must remain cleared on the Mobile Prefix Advertisement Messages. Any
mobile node which sends DHCPv6 messages to the home agent without mobile node which sends DHCPv6 messages to the home agent without
this support will not receive a response. this support will not receive a response.
If DHCPv6 is used, packets are sent with link-local source addresses If DHCPv6 is used, packets are sent with link-local source addresses
either to a link-scope multicast address or a link-local address. either to a link-scope multicast address or a link-local address.
Mobile nodes desiring to locate a DHCPv6 service may reverse tunnel Mobile nodes desiring to locate a DHCPv6 service may reverse tunnel
standard DHCPv6 packets to the home agent. Since these link-scope standard DHCPv6 packets to the home agent. Since these link-scope
packets cannot be forwarded onto the home network, it is necessary packets cannot be forwarded onto the home network, it is necessary
skipping to change at page 113, line 46 skipping to change at page 113, line 46
relying on Mobile IPv6. If application running on the mobile node relying on Mobile IPv6. If application running on the mobile node
has no particular knowledge that the communication being sent fits has no particular knowledge that the communication being sent fits
within this general type of communication, however, the mobile within this general type of communication, however, the mobile
node should not use its care-of address as the source of the node should not use its care-of address as the source of the
packet in this way. packet in this way.
The choice of the most efficient communications method is The choice of the most efficient communications method is
application specific, and outside the scope of this specification. application specific, and outside the scope of this specification.
The APIs necessary for controlling the choice are also out of The APIs necessary for controlling the choice are also out of
scope. One example of such an API is described in the IPv6 Socket scope. One example of such an API is described in the IPv6 Socket
API for Source Address Selection specification [41]. API for Source Address Selection specification [42].
o While not at its home link, the mobile node MUST NOT use the Home o While not at its home link, the mobile node MUST NOT use the Home
Address destination option when communicating with link-local Address destination option when communicating with link-local
peers. peers.
Similarly, the mobile node MUST NOT use the Home Address Similarly, the mobile node MUST NOT use the Home Address
destination option for IPv6 Neighbor Discovery [17] packets. destination option for IPv6 Neighbor Discovery [17] packets.
Detailed operation of these cases is described later in this section Detailed operation of these cases is described later in this section
and also discussed in [31]. and also discussed in [32].
For packets sent by a mobile node while it is at home, no special For packets sent by a mobile node while it is at home, no special
Mobile IPv6 processing is required. Likewise, if the mobile node Mobile IPv6 processing is required. Likewise, if the mobile node
uses any address other than one of its home addresses as the source uses any address other than one of its home addresses as the source
of a packet sent while away from home, no special Mobile IPv6 of a packet sent while away from home, no special Mobile IPv6
processing is required. In either case, the packet is simply processing is required. In either case, the packet is simply
addressed and transmitted in the same way as any normal IPv6 packet. addressed and transmitted in the same way as any normal IPv6 packet.
For packets sent by the mobile node sent while away from home using For packets sent by the mobile node sent while away from home using
the mobile node's home address as the source, special Mobile IPv6 the mobile node's home address as the source, special Mobile IPv6
skipping to change at page 115, line 35 skipping to change at page 115, line 35
* Change the Source Address field in the packet's IPv6 header to * Change the Source Address field in the packet's IPv6 header to
one of the mobile node's care-of addresses. This will one of the mobile node's care-of addresses. This will
typically be the mobile node's current primary care-of address, typically be the mobile node's current primary care-of address,
but MUST be an address assigned to the interface on the link but MUST be an address assigned to the interface on the link
being used. being used.
By using the care-of address as the Source Address in the IPv6 By using the care-of address as the Source Address in the IPv6
header, with the mobile node's home address instead in the Home header, with the mobile node's home address instead in the Home
Address option, the packet will be able to safely pass through any Address option, the packet will be able to safely pass through any
router implementing ingress filtering [26]. router implementing ingress filtering [27].
Reverse Tunneling Reverse Tunneling
This is the mechanism which tunnels the packets via the home This is the mechanism which tunnels the packets via the home
agent. It is not as efficient as the above mechanism, but is agent. It is not as efficient as the above mechanism, but is
needed if there is no binding yet with the correspondent node. needed if there is no binding yet with the correspondent node.
This mechanism is used for packets that have the mobile node's This mechanism is used for packets that have the mobile node's
home address as the Source Address in the IPv6 header, or with home address as the Source Address in the IPv6 header, or with
multicast control protocol packets as described in Section 11.3.4. multicast control protocol packets as described in Section 11.3.4.
skipping to change at page 117, line 44 skipping to change at page 117, line 44
However, such an exchange is not required, as long as the result However, such an exchange is not required, as long as the result
of the authentication calculation remains the same. of the authentication calculation remains the same.
When an automated key management protocol is used to create new When an automated key management protocol is used to create new
security associations for a peer, it is important to ensure that the security associations for a peer, it is important to ensure that the
peer can send the key management protocol packets to the mobile node. peer can send the key management protocol packets to the mobile node.
This may not be possible if the peer is the home agent of the mobile This may not be possible if the peer is the home agent of the mobile
node and the purpose of the security associations would be to send a node and the purpose of the security associations would be to send a
Binding Update to the home agent. Packets addressed to the home Binding Update to the home agent. Packets addressed to the home
address of the mobile node cannot be used before the Binding Update address of the mobile node cannot be used before the Binding Update
has been processed. For the default case of using IKEv2 [43] as the has been processed. For the default case of using IKEv2 [23] as the
automated key management protocol, such problems can be avoided by automated key management protocol, such problems can be avoided by
the following requirements when communicating with its home agent: the following requirements when communicating with its home agent:
o When the mobile node is away from home, it MUST use its care-of o When the mobile node is away from home, it MUST use its care-of
address as the Source Address of all packets it sends as part of address as the Source Address of all packets it sends as part of
the key management protocol (without use of Mobile IPv6 for these the key management protocol (without use of Mobile IPv6 for these
packets, as suggested in Section 11.3.1). packets, as suggested in Section 11.3.1).
The Key Management Mobility Capability (K) bit in Binding Updates and The Key Management Mobility Capability (K) bit in Binding Updates and
Acknowledgements can be used to avoid the need to rerun IKEv2 upon Acknowledgements can be used to avoid the need to rerun IKEv2 upon
skipping to change at page 119, line 49 skipping to change at page 119, line 49
In order to receive packets sent to some multicast group, a mobile In order to receive packets sent to some multicast group, a mobile
node must join that multicast group. One method, in which a mobile node must join that multicast group. One method, in which a mobile
node MAY join the group, is via a (local) multicast router on the node MAY join the group, is via a (local) multicast router on the
foreign link being visited. In this case, the mobile node MUST use foreign link being visited. In this case, the mobile node MUST use
its care-of address and MUST NOT use the Home Address destination its care-of address and MUST NOT use the Home Address destination
option when sending MLD packets [8]. option when sending MLD packets [8].
Alternatively, a mobile node MAY join multicast groups via a bi- Alternatively, a mobile node MAY join multicast groups via a bi-
directional tunnel to its home agent. The mobile node tunnels its directional tunnel to its home agent. The mobile node tunnels its
multicast group membership control packets (such as those defined in multicast group membership control packets (such as those defined in
[8] or in [38]) to its home agent, and the home agent forwards [8] or in [39]) to its home agent, and the home agent forwards
multicast packets down the tunnel to the mobile node. A mobile node multicast packets down the tunnel to the mobile node. A mobile node
MUST NOT tunnel multicast group membership control packets until (1) MUST NOT tunnel multicast group membership control packets until (1)
the mobile node has a binding in place at the home agent, and (2) the the mobile node has a binding in place at the home agent, and (2) the
latter sends at least one multicast group membership control packet latter sends at least one multicast group membership control packet
via the tunnel. Once this condition is true, the mobile node SHOULD via the tunnel. Once this condition is true, the mobile node SHOULD
assume it does not change as long as the binding does not expire. assume it does not change as long as the binding does not expire.
A mobile node that wishes to send packets to a multicast group also A mobile node that wishes to send packets to a multicast group also
has two options: has two options:
1. Send directly on the foreign link being visited. 1. Send directly on the foreign link being visited.
To do this, the application uses the care-of address as a source To do this, the application uses the care-of address as a source
address for multicast traffic, just as it would use a stationary address for multicast traffic, just as it would use a stationary
address. This requires that the application either knows the address. This requires that the application either knows the
care-of address, or uses an API such as the IPv6 Socket API for care-of address, or uses an API such as the IPv6 Socket API for
Source Address Selection specification [41] to request that the Source Address Selection specification [42] to request that the
care-of address be used as the source address in transmitted care-of address be used as the source address in transmitted
packets. The mobile node MUST NOT use Home Address destination packets. The mobile node MUST NOT use Home Address destination
option in such traffic. option in such traffic.
2. Send via a tunnel to its home agent. 2. Send via a tunnel to its home agent.
Because multicast routing in general depends upon the Source Because multicast routing in general depends upon the Source
Address used in the IPv6 header of the multicast packet, a mobile Address used in the IPv6 header of the multicast packet, a mobile
node that tunnels a multicast packet to its home agent MUST use node that tunnels a multicast packet to its home agent MUST use
its home address as the IPv6 Source Address of the inner its home address as the IPv6 Source Address of the inner
skipping to change at page 128, line 49 skipping to change at page 128, line 49
care-of address for any or all of the prefixes on its current link. care-of address for any or all of the prefixes on its current link.
Furthermore, since a wireless network interface may actually allow a Furthermore, since a wireless network interface may actually allow a
mobile node to be reachable on more than one link at a time (i.e., mobile node to be reachable on more than one link at a time (i.e.,
within wireless transmitter range of routers on more than one within wireless transmitter range of routers on more than one
separate link), a mobile node MAY have care-of addresses on more than separate link), a mobile node MAY have care-of addresses on more than
one link at a time. The use of more than one care-of address at a one link at a time. The use of more than one care-of address at a
time is described in Section 11.5.4. time is described in Section 11.5.4.
As described in Section 4, in order to form a new care-of address, a As described in Section 4, in order to form a new care-of address, a
mobile node MAY use either stateless [18] or stateful (e.g., DHCPv6 mobile node MAY use either stateless [18] or stateful (e.g., DHCPv6
[29]) Address Autoconfiguration. If a mobile node needs to use a [30]) Address Autoconfiguration. If a mobile node needs to use a
source address (other than the unspecified address) in packets sent source address (other than the unspecified address) in packets sent
as a part of address autoconfiguration, it MUST use an IPv6 link- as a part of address autoconfiguration, it MUST use an IPv6 link-
local address rather than its own IPv6 home address. local address rather than its own IPv6 home address.
RFC 4862 [18] specifies that in normal processing for Duplicate RFC 4862 [18] specifies that in normal processing for Duplicate
Address Detection, the node SHOULD delay sending the initial Neighbor Address Detection, the node SHOULD delay sending the initial Neighbor
Solicitation message by a random delay between 0 and Solicitation message by a random delay between 0 and
MAX_RTR_SOLICITATION_DELAY. Since delaying DAD can result in MAX_RTR_SOLICITATION_DELAY. Since delaying DAD can result in
significant delays in configuring a new care-of address when the significant delays in configuring a new care-of address when the
Mobile Node moves to a new link, the Mobile Node preferably SHOULD Mobile Node moves to a new link, the Mobile Node preferably SHOULD
skipping to change at page 129, line 41 skipping to change at page 129, line 41
Acknowledge (A) bits set its home agent, as described on Acknowledge (A) bits set its home agent, as described on
Section 11.7.1. Section 11.7.1.
To assist with smooth handovers, a mobile node SHOULD retain its To assist with smooth handovers, a mobile node SHOULD retain its
previous primary care-of address as a (non-primary) care-of address, previous primary care-of address as a (non-primary) care-of address,
and SHOULD still accept packets at this address, even after and SHOULD still accept packets at this address, even after
registering its new primary care-of address with its home agent. registering its new primary care-of address with its home agent.
This is reasonable, since the mobile node could only receive packets This is reasonable, since the mobile node could only receive packets
at its previous primary care-of address if it were indeed still at its previous primary care-of address if it were indeed still
connected to that link. If the previous primary care-of address was connected to that link. If the previous primary care-of address was
allocated using stateful Address Autoconfiguration [29], the mobile allocated using stateful Address Autoconfiguration [30], the mobile
node may not wish to release the address immediately upon switching node may not wish to release the address immediately upon switching
to a new primary care-of address. to a new primary care-of address.
Whenever a mobile node determines that it is no longer reachable Whenever a mobile node determines that it is no longer reachable
through a given link, it SHOULD invalidate all care-of addresses through a given link, it SHOULD invalidate all care-of addresses
associated with address prefixes that it discovered from routers on associated with address prefixes that it discovered from routers on
the unreachable link which are not in the current set of address the unreachable link which are not in the current set of address
prefixes advertised by the (possibly new) current default router. prefixes advertised by the (possibly new) current default router.
11.5.5. Returning Home 11.5.5. Returning Home
skipping to change at page 150, line 52 skipping to change at page 150, line 52
Service attack. For example, the correspondent node might be a Service attack. For example, the correspondent node might be a
site that will send a high-bandwidth stream of video to anyone who site that will send a high-bandwidth stream of video to anyone who
asks for it. Note that the use of flow-control protocols such as asks for it. Note that the use of flow-control protocols such as
TCP does not necessarily defend against this type of attack, TCP does not necessarily defend against this type of attack,
because the attacker can fake the acknowledgements. Even keeping because the attacker can fake the acknowledgements. Even keeping
TCP initial sequence numbers secret does not help, because the TCP initial sequence numbers secret does not help, because the
attacker can receive the first few segments (including the ISN) at attacker can receive the first few segments (including the ISN) at
its own address, and only then redirect the stream to the victim's its own address, and only then redirect the stream to the victim's
address. These types of attacks may also be directed to networks address. These types of attacks may also be directed to networks
instead of nodes. Further variations of this threat are described instead of nodes. Further variations of this threat are described
elsewhere [27] [33]. elsewhere [28] [34].
An attacker might also attempt to disrupt a mobile node's An attacker might also attempt to disrupt a mobile node's
communications by replaying a Binding Update that the node had communications by replaying a Binding Update that the node had
sent earlier. If the old Binding Update was accepted, packets sent earlier. If the old Binding Update was accepted, packets
destined for the mobile node would be sent to its old location as destined for the mobile node would be sent to its old location as
opposed to its current location. opposed to its current location.
A malicious mobile node associated to multiple home agents could A malicious mobile node associated to multiple home agents could
create a routing loop amongst them. This can be achieved when a create a routing loop amongst them. This can be achieved when a
mobile node binds one home address located on a first home agent mobile node binds one home address located on a first home agent
skipping to change at page 151, line 46 skipping to change at page 151, line 46
Address destination option, a new routing header type (type 2), Address destination option, a new routing header type (type 2),
and uses tunneling headers in the payload packets. The protocol and uses tunneling headers in the payload packets. The protocol
must protect against potential new threats involving the use of must protect against potential new threats involving the use of
these mechanisms. these mechanisms.
Third parties become exposed to a reflection threat via the Home Third parties become exposed to a reflection threat via the Home
Address destination option, unless appropriate security Address destination option, unless appropriate security
precautions are followed. The Home Address destination option precautions are followed. The Home Address destination option
could be used to direct response traffic toward a node whose IP could be used to direct response traffic toward a node whose IP
address appears in the option. In this case, ingress filtering address appears in the option. In this case, ingress filtering
would not catch the forged "return address" [36] [40]. would not catch the forged "return address" [37] [41].
A similar threat exists with the tunnels between the mobile node A similar threat exists with the tunnels between the mobile node
and the home agent. An attacker might forge tunnel packets and the home agent. An attacker might forge tunnel packets
between the mobile node and the home agent, making it appear that between the mobile node and the home agent, making it appear that
the traffic is coming from the mobile node when it is not. Note the traffic is coming from the mobile node when it is not. Note
that an attacker who is able to forge tunnel packets would that an attacker who is able to forge tunnel packets would
typically also be able to forge packets that appear to come typically also be able to forge packets that appear to come
directly from the mobile node. This is not a new threat as such. directly from the mobile node. This is not a new threat as such.
However, it may make it easier for attackers to escape detection However, it may make it easier for attackers to escape detection
by avoiding ingress filtering and packet tracing mechanisms. by avoiding ingress filtering and packet tracing mechanisms.
skipping to change at page 155, line 24 skipping to change at page 155, line 24
vulnerability exists if either the sequence number space is cycled vulnerability exists if either the sequence number space is cycled
through, or if the home agent reboots and forgets its sequence through, or if the home agent reboots and forgets its sequence
numbers (and uses volatile memory to store the sequence numbers). numbers (and uses volatile memory to store the sequence numbers).
Assuming the mobile node moves continuously every 10 minutes, it Assuming the mobile node moves continuously every 10 minutes, it
takes roughly 455 days before the sequence number space has been takes roughly 455 days before the sequence number space has been
cycled through. Typical movement patterns rarely reach this high cycled through. Typical movement patterns rarely reach this high
frequency today. frequency today.
o A mobile node and its home agent belong to the same domain. If o A mobile node and its home agent belong to the same domain. If
this were not the case, manual keying would not be possible [39], this were not the case, manual keying would not be possible [40],
but in Mobile IPv6 only these two parties need to know the but in Mobile IPv6 only these two parties need to know the
manually configured keys. Similarly, we note that Mobile IPv6 manually configured keys. Similarly, we note that Mobile IPv6
employs standard block ciphers in IPsec, and is not vulnerable to employs standard block ciphers in IPsec, and is not vulnerable to
problems associated with stream ciphers and manual keying. problems associated with stream ciphers and manual keying.
o It is expected that the owner of the mobile node and the o It is expected that the owner of the mobile node and the
administrator of the home agent agree on the used keys and other administrator of the home agent agree on the used keys and other
parameters with some off-line mechanism. parameters with some off-line mechanism.
The use of IKEv2 with Mobile IPv6 is documented in more detail in The use of IKEv2 with Mobile IPv6 is documented in more detail in
skipping to change at page 157, line 37 skipping to change at page 157, line 37
available. available.
The resulting level of security is in theory the same even without The resulting level of security is in theory the same even without
this additional protection: the return routability tokens are this additional protection: the return routability tokens are
still exposed only to one path within the whole Internet. still exposed only to one path within the whole Internet.
However, the mobile nodes are often found on an insecure link, However, the mobile nodes are often found on an insecure link,
such as a public access Wireless LAN. Thus, in many cases, this such as a public access Wireless LAN. Thus, in many cases, this
addition makes a practical difference. addition makes a practical difference.
For further information about the design rationale of the return For further information about the design rationale of the return
routability procedure, see [27] [33] [32] [40]. The mechanisms used routability procedure, see [28] [34] [33] [41]. The mechanisms used
have been adopted from these documents. have been adopted from these documents.
15.4.2. Achieved Security Properties 15.4.2. Achieved Security Properties
The return routability procedure protects Binding Updates against all The return routability procedure protects Binding Updates against all
attackers who are unable to monitor the path between the home agent attackers who are unable to monitor the path between the home agent
and the correspondent node. The procedure does not defend against and the correspondent node. The procedure does not defend against
attackers who can monitor this path. Note that such attackers are in attackers who can monitor this path. Note that such attackers are in
any case able to mount an active attack against the mobile node when any case able to mount an active attack against the mobile node when
it is at its home location. The possibility of such attacks is not it is at its home location. The possibility of such attacks is not
skipping to change at page 160, line 13 skipping to change at page 160, line 13
particular if these links are publicly accessible wireless LANs. particular if these links are publicly accessible wireless LANs.
Attacks against the routers or switches on the path are typically Attacks against the routers or switches on the path are typically
harder to accomplish. The security on layer 2 of the links plays harder to accomplish. The security on layer 2 of the links plays
then a major role in the resulting overall network security. then a major role in the resulting overall network security.
Similarly, security of IPv6 Neighbor and Router Discovery on these Similarly, security of IPv6 Neighbor and Router Discovery on these
links has a large impact. If these were secured using some new links has a large impact. If these were secured using some new
technology in the future, this could change the situation technology in the future, this could change the situation
regarding the easiest point of attack. regarding the easiest point of attack.
For a more in-depth discussion of these issues, see [40]. For a more in-depth discussion of these issues, see [41].
15.4.4. Replay Attacks 15.4.4. Replay Attacks
The return routability procedure also protects the participants The return routability procedure also protects the participants
against replayed Binding Updates. The attacker is unable replay the against replayed Binding Updates. The attacker is unable replay the
same message due to the sequence number which is a part of the same message due to the sequence number which is a part of the
Binding Update. It is also unable to modify the Binding Update since Binding Update. It is also unable to modify the Binding Update since
the MAC verification would fail after such a modification. the MAC verification would fail after such a modification.
Care must be taken when removing bindings at the correspondent node, Care must be taken when removing bindings at the correspondent node,
skipping to change at page 160, line 44 skipping to change at page 160, line 44
Binding Update arrives. This is achieved through the construct of Binding Update arrives. This is achieved through the construct of
keygen tokens from the nonces and node keys that are not specific to keygen tokens from the nonces and node keys that are not specific to
individual mobile nodes. The keygen tokens can be reconstructed by individual mobile nodes. The keygen tokens can be reconstructed by
the correspondent node, based on the home and care-of address the correspondent node, based on the home and care-of address
information that arrives with the Binding Update. This means that information that arrives with the Binding Update. This means that
the correspondent nodes are safe against memory exhaustion attacks the correspondent nodes are safe against memory exhaustion attacks
except where on-path attackers are concerned. Due to the use of except where on-path attackers are concerned. Due to the use of
symmetric cryptography, the correspondent nodes are relatively safe symmetric cryptography, the correspondent nodes are relatively safe
against CPU resource exhaustion attacks as well. against CPU resource exhaustion attacks as well.
Nevertheless, as [27] describes, there are situations in which it is Nevertheless, as [28] describes, there are situations in which it is
impossible for the mobile and correspondent nodes to determine if impossible for the mobile and correspondent nodes to determine if
they actually need a binding or whether they just have been fooled they actually need a binding or whether they just have been fooled
into believing so by an attacker. Therefore, it is necessary to into believing so by an attacker. Therefore, it is necessary to
consider situations where such attacks are being made. consider situations where such attacks are being made.
Even if route optimization is a very important optimization, it is Even if route optimization is a very important optimization, it is
still only an optimization. A mobile node can communicate with a still only an optimization. A mobile node can communicate with a
correspondent node even if the correspondent refuses to accept any correspondent node even if the correspondent refuses to accept any
Binding Updates. However, performance will suffer because packets Binding Updates. However, performance will suffer because packets
from the correspondent node to the mobile node will be routed via the from the correspondent node to the mobile node will be routed via the
skipping to change at page 164, line 17 skipping to change at page 164, line 17
another location. Administrators should be aware of this when another location. Administrators should be aware of this when
allowing such home addresses. In particular, the outer IP address allowing such home addresses. In particular, the outer IP address
check described above is not sufficient against all attackers. The check described above is not sufficient against all attackers. The
use of encrypted tunnels is particularly useful for these kinds of use of encrypted tunnels is particularly useful for these kinds of
home addresses. home addresses.
15.8. Home Address Option 15.8. Home Address Option
When the mobile node sends packets directly to the correspondent When the mobile node sends packets directly to the correspondent
node, the Source Address field of the packet's IPv6 header is the node, the Source Address field of the packet's IPv6 header is the
care-of address. Therefore, ingress filtering [26] works in the care-of address. Therefore, ingress filtering [27] works in the
usual manner even for mobile nodes, as the Source Address is usual manner even for mobile nodes, as the Source Address is
topologically correct. The Home Address option is used to inform the topologically correct. The Home Address option is used to inform the
correspondent node of the mobile node's home address. correspondent node of the mobile node's home address.
However, the care-of address in the Source Address field does not However, the care-of address in the Source Address field does not
survive in replies sent by the correspondent node unless it has a survive in replies sent by the correspondent node unless it has a
binding for this mobile node. Also, not all attacker tracing binding for this mobile node. Also, not all attacker tracing
mechanisms work when packets are being reflected through mechanisms work when packets are being reflected through
correspondent nodes using the Home Address option. For these correspondent nodes using the Home Address option. For these
reasons, this specification restricts the use of the Home Address reasons, this specification restricts the use of the Home Address
skipping to change at page 166, line 9 skipping to change at page 166, line 9
This implies that a device which implements the filtering of packets This implies that a device which implements the filtering of packets
should be able to distinguish between a type 2 routing header and should be able to distinguish between a type 2 routing header and
other routing headers, as required in Section 8.3. This is necessary other routing headers, as required in Section 8.3. This is necessary
in order to allow Mobile IPv6 traffic while still having the option in order to allow Mobile IPv6 traffic while still having the option
of filtering out other uses of routing headers. of filtering out other uses of routing headers.
16. Contributors 16. Contributors
Work done by Tuomas Aura, Mike Roe, Greg O'Shea, Pekka Nikander, Erik Work done by Tuomas Aura, Mike Roe, Greg O'Shea, Pekka Nikander, Erik
Nordmark, and Michael Thomas shaped the return routability protocols Nordmark, and Michael Thomas shaped the return routability protocols
described in [33]. described in [34].
Significant contributions were made by members of the Mobile IPv6 Significant contributions were made by members of the Mobile IPv6
Security Design Team, including (in alphabetical order) Gabriel Security Design Team, including (in alphabetical order) Gabriel
Montenegro, Erik Nordmark and Pekka Nikander. Montenegro, Erik Nordmark and Pekka Nikander.
17. Acknowledgements 17. Acknowledgements
We would like to thank the members of the Mobile IP, Mobility We would like to thank the members of the Mobile IP, Mobility
Extensions for IPv6, and IPng Working Groups for their comments and Extensions for IPv6, and IPng Working Groups for their comments and
suggestions on this work. We would particularly like to thank (in suggestions on this work. We would particularly like to thank (in
skipping to change at page 169, line 33 skipping to change at page 169, line 33
[20] Narten, T., Draves, R., and S. Krishnan, "Privacy Extensions [20] Narten, T., Draves, R., and S. Krishnan, "Privacy Extensions
for Stateless Address Autoconfiguration in IPv6", RFC 4941, for Stateless Address Autoconfiguration in IPv6", RFC 4941,
September 2007. September 2007.
[21] Giaretta, G., Kempf, J., and V. Devarapalli, "Mobile IPv6 [21] Giaretta, G., Kempf, J., and V. Devarapalli, "Mobile IPv6
Bootstrapping in Split Scenario", RFC 5026, October 2007. Bootstrapping in Split Scenario", RFC 5026, October 2007.
[22] Narten, T. and H. Alvestrand, "Guidelines for Writing an IANA [22] Narten, T. and H. Alvestrand, "Guidelines for Writing an IANA
Considerations Section in RFCs", BCP 26, RFC 5226, May 2008. Considerations Section in RFCs", BCP 26, RFC 5226, May 2008.
[23] Kaufman, C., Hoffman, P., Nir, Y., and P. Eronen, "Internet Key
Exchange Protocol Version 2 (IKEv2)", RFC 5996, September 2010.
18.2. Informative References 18.2. Informative References
[23] Perkins, C., "IP Encapsulation within IP", RFC 2003, [24] Perkins, C., "IP Encapsulation within IP", RFC 2003,
October 1996. October 1996.
[24] Perkins, C., "Minimal Encapsulation within IP", RFC 2004, [25] Perkins, C., "Minimal Encapsulation within IP", RFC 2004,
October 1996. October 1996.
[25] Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: Keyed-Hashing [26] Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: Keyed-Hashing
for Message Authentication", RFC 2104, February 1997. for Message Authentication", RFC 2104, February 1997.
[26] Ferguson, P. and D. Senie, "Network Ingress Filtering: [27] Ferguson, P. and D. Senie, "Network Ingress Filtering:
Defeating Denial of Service Attacks which employ IP Source Defeating Denial of Service Attacks which employ IP Source
Address Spoofing", BCP 38, RFC 2827, May 2000. Address Spoofing", BCP 38, RFC 2827, May 2000.
[27] Aura, T. and J. Arkko, "MIPv6 BU Attacks and Defenses", [28] Aura, T. and J. Arkko, "MIPv6 BU Attacks and Defenses",
draft-aura-mipv6-bu-attacks-01 (work in progress), March 2002. draft-aura-mipv6-bu-attacks-01 (work in progress), March 2002.
[28] Reynolds, J., "Assigned Numbers: RFC 1700 is Replaced by an On- [29] Reynolds, J., "Assigned Numbers: RFC 1700 is Replaced by an On-
line Database", RFC 3232, January 2002. line Database", RFC 3232, January 2002.
[29] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C., and M. [30] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C., and M.
Carney, "Dynamic Host Configuration Protocol for IPv6 Carney, "Dynamic Host Configuration Protocol for IPv6
(DHCPv6)", RFC 3315, July 2003. (DHCPv6)", RFC 3315, July 2003.
[30] Perkins, C., "IP Mobility Support for IPv4", RFC 3344, [31] Perkins, C., "IP Mobility Support for IPv4", RFC 3344,
August 2002. August 2002.
[31] Draves, R., "Default Address Selection for Internet Protocol [32] Draves, R., "Default Address Selection for Internet Protocol
version 6 (IPv6)", RFC 3484, February 2003. version 6 (IPv6)", RFC 3484, February 2003.
[32] Nordmark, E., "Securing MIPv6 BUs using return routability [33] Nordmark, E., "Securing MIPv6 BUs using return routability
(BU3WAY)", draft-nordmark-mobileip-bu3way-00 (work in (BU3WAY)", draft-nordmark-mobileip-bu3way-00 (work in
progress), November 2001. progress), November 2001.
[33] Roe, M., "Authentication of Mobile IPv6 Binding Updates and [34] Roe, M., "Authentication of Mobile IPv6 Binding Updates and
Acknowledgments", draft-roe-mobileip-updateauth-02 (work in Acknowledgments", draft-roe-mobileip-updateauth-02 (work in
progress), March 2002. progress), March 2002.
[34] Chowdhury, K. and A. Yegin, "MIP6-bootstrapping for the [35] Chowdhury, K. and A. Yegin, "MIP6-bootstrapping for the
Integrated Scenario", Integrated Scenario",
draft-ietf-mip6-bootstrapping-integrated-dhc-06 (work in draft-ietf-mip6-bootstrapping-integrated-dhc-06 (work in
progress), April 2008. progress), April 2008.
[35] Savola, P., "Use of /127 Prefix Length Between Routers [36] Savola, P., "Use of /127 Prefix Length Between Routers
Considered Harmful", RFC 3627, September 2003. Considered Harmful", RFC 3627, September 2003.
[36] Savola, P., "Security of IPv6 Routing Header and Home Address [37] Savola, P., "Security of IPv6 Routing Header and Home Address
Options", draft-savola-ipv6-rh-ha-security-02 (work in Options", draft-savola-ipv6-rh-ha-security-02 (work in
progress), March 2002. progress), March 2002.
[37] Manner, J. and M. Kojo, "Mobility Related Terminology", [38] Manner, J. and M. Kojo, "Mobility Related Terminology",
RFC 3753, June 2004. RFC 3753, June 2004.
[38] Vida, R. and L. Costa, "Multicast Listener Discovery Version 2 [39] Vida, R. and L. Costa, "Multicast Listener Discovery Version 2
(MLDv2) for IPv6", RFC 3810, June 2004. (MLDv2) for IPv6", RFC 3810, June 2004.
[39] Bellovin, S. and R. Housley, "Guidelines for Cryptographic Key [40] Bellovin, S. and R. Housley, "Guidelines for Cryptographic Key
Management", BCP 107, RFC 4107, June 2005. Management", BCP 107, RFC 4107, June 2005.
[40] Nikander, P., Arkko, J., Aura, T., Montenegro, G., and E. [41] Nikander, P., Arkko, J., Aura, T., Montenegro, G., and E.
Nordmark, "Mobile IP Version 6 Route Optimization Security Nordmark, "Mobile IP Version 6 Route Optimization Security
Design Background", RFC 4225, December 2005. Design Background", RFC 4225, December 2005.
[41] Nordmark, E., Chakrabarti, S., and J. Laganier, "IPv6 Socket [42] Nordmark, E., Chakrabarti, S., and J. Laganier, "IPv6 Socket
API for Source Address Selection", RFC 5014, September 2007. API for Source Address Selection", RFC 5014, September 2007.
[42] Abley, J., Savola, P., and G. Neville-Neil, "Deprecation of [43] Abley, J., Savola, P., and G. Neville-Neil, "Deprecation of
Type 0 Routing Headers in IPv6", RFC 5095, December 2007. Type 0 Routing Headers in IPv6", RFC 5095, December 2007.
[43] Kaufman, C., Hoffman, P., Nir, Y., and P. Eronen, "Internet Key
Exchange Protocol Version 2 (IKEv2)", RFC 5996, September 2010.
Appendix A. Future Extensions Appendix A. Future Extensions
A.1. Piggybacking A.1. Piggybacking
This document does not specify how to piggyback payload packets on This document does not specify how to piggyback payload packets on
the binding related messages. However, it is envisioned that this the binding related messages. However, it is envisioned that this
can be specified in a separate document when issues such as the can be specified in a separate document when issues such as the
interaction between piggybacking and IPsec are fully resolved (see interaction between piggybacking and IPsec are fully resolved (see
also Appendix A.3). The return routability messages can indicate also Appendix A.3). The return routability messages can indicate
support for piggybacking with a new mobility option. support for piggybacking with a new mobility option.
skipping to change at page 174, line 33 skipping to change at page 174, line 33
Fixed. Fixed.
Issue #5 Wrong protocol number (2 instead of 135) used in discussion Issue #5 Wrong protocol number (2 instead of 135) used in discussion
about checksum pseudo-header. about checksum pseudo-header.
Fixed. See Section 6.1.1. Fixed. See Section 6.1.1.
Issue #8 Application using the care-of address [Julien Laganier] Issue #8 Application using the care-of address [Julien Laganier]
Cite IPv6 Socket API for Source Address Selection specification Cite IPv6 Socket API for Source Address Selection specification
[41]. See Section 11.3.4. [42]. See Section 11.3.4.
Issue #10 The usage of "HA lifetime" [Ryuji Wakikawa] Issue #10 The usage of "HA lifetime" [Ryuji Wakikawa]
The mobile node SHOULD store the list of home agents for later use The mobile node SHOULD store the list of home agents for later use
in case the home agent currently managing the mobile node's in case the home agent currently managing the mobile node's
care-of address forwarding should become unavailable. See care-of address forwarding should become unavailable. See
Section 11.4.1. Section 11.4.1.
Issue #11 De-registration when returning home [Vijay Devarapalli] Issue #11 De-registration when returning home [Vijay Devarapalli]
skipping to change at page 175, line 17 skipping to change at page 175, line 17
Fixed. See Section 4.2. Fixed. See Section 4.2.
Issue #13 Home Link Detection [Suresh Krishnan] Issue #13 Home Link Detection [Suresh Krishnan]
Proposal: add Section 11.5.2 for Home Link Detection, drawing on Proposal: add Section 11.5.2 for Home Link Detection, drawing on
Internet Draft draft-krishnan-mext-hld. Internet Draft draft-krishnan-mext-hld.
Issue #14 References to Bootstrapping [Vijay Devarapalli] Issue #14 References to Bootstrapping [Vijay Devarapalli]
Cite "Mobile IPv6 Bootstrapping in Split Scenario" [21] and "MIP6 Cite "Mobile IPv6 Bootstrapping in Split Scenario" [21] and "MIP6
bootstrapping for the Integrated Scenario" [34]. See Section 4.1. bootstrapping for the Integrated Scenario" [35]. See Section 4.1.
Issue #17 Multi-homed mobile node can cause routing loop between Issue #17 Multi-homed mobile node can cause routing loop between
home agents [Benjamin Lim] home agents [Benjamin Lim]
Added security advisory in Section 15.1, to highlight risk of Added security advisory in Section 15.1, to highlight risk of
routing loop among HAs (e.g., in 3GPP): routing loop among HAs (e.g., in 3GPP):
A malicious mobile node associated to multiple home agents could A malicious mobile node associated to multiple home agents could
create a routing loop amongst them. This would happen when a create a routing loop amongst them. This would happen when a
mobile node binds one home address located on a first home agent mobile node binds one home address located on a first home agent
 End of changes. 58 change blocks. 
59 lines changed or deleted 59 lines changed or added

This html diff was produced by rfcdiff 1.40. The latest version is available from http://tools.ietf.org/tools/rfcdiff/