Network Working Group                                           A. Patel
Internet-Draft                                                  K. Leung
Expires: August 11, 2005 March 6, 2006                                     Cisco Systems
                                                               M. Khalil
                                                               H. Akhtar
                                                         Nortel Networks
                                                            K. Chowdhury
                                                        Starent Networks
                                                       February 10,
                                                       September 2, 2005

                Mobile Node Identifier Option for Mobile IPv6
                 draft-ietf-mip6-mn-ident-option-02.txt MIPv6

Status of this Memo

   By submitting this Internet-Draft, I certify each author represents that any
   applicable patent or other IPR claims of which I am he or she is aware
   have been or will be disclosed, and any of which I become he or she becomes
   aware will be disclosed, in accordance with
   RFC 3668. Section 6 of BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as
   Internet-Drafts. Internet-

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at

   The list of Internet-Draft Shadow Directories can be accessed at

   This Internet-Draft will expire on August 11, 2005. March 6, 2006.

Copyright Notice

   Copyright (C) The Internet Society (2005).  All Rights Reserved.


   Mobile IPv6 defines a new Mobility header which is used by mobile
   nodes, correspondent nodes, and home agents in all messaging related
   to the creation and management of bindings.  Mobile IPv6 nodes need
   the capability to identify themselves using an identity other than

February 2005
   the default home IP address.  Some examples of identifiers include
   NAI, FQDN, IMSI, MSISDN, etc.  This document defines a new mobility
   option that can be used by Mobile IP6 IPv6 entities to identify
   themselves in messages containing a mobility header.

Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  3
   2.  Terminology  . . . . . . . . . . . . . . . . . . . . . . . . .  4
   3.  Mobile Node Identifier option  . . . . . . . . . . . . . . . .  5
     3.1.  MN-NAI mobility option . . . . . . . . . . . . . . . . . .  6
     3.2.  Processing Considerations  . . . . . . . . . . . . . . . .  6
   4.  Security Considerations  . . . . . . . . . . . . . . . . . . .  7
     4.1.  General Considerations . . . . . . . . . . . . . . . . . .  7
     4.2.  MN NAI consideration . . . . . . . . . . . . . . . . . . .  7
   5.  IANA Considerations  . . . . . . . . . . . . . . . . . . . . .  8
   6.  IPR Disclosure Acknowledgement . . . . . . . . . . . . . . . .  9
   7.  Acknowledgements . . . . . . . . . . . . . . . . . . . . . . .  9
   7. 10
   8.  Normative References . . . . . . . . . . . . . . . . . . . . .  9 10
   Authors' Addresses . . . . . . . . . . . . . . . . . . . . . .  9 . . 11
   Intellectual Property and Copyright Statements . . . . . . . . 11

February 2005 . . 13

1.  Introduction

   The base specification of Mobile IPv6 [RFC3775] identifies mobility
   entities using an IPv6 address.  It is essential to have a mechanism
   wherein mobility entities can be identified using other identifiers
   (for example, a network access identifier (NAI) [RFC_2486bis],
   International Mobile Station Identifier (IMSI), an application/
   deployment specific opaque identifier etc).

   The capability to identify a mobility entity via identifiers other
   than the IPv6 address can be leveraged for performing various
   functions, eg.

   o  authentication and authorization using an existing AAA
      (Authentication, Authorization and Accounting) infrastructure or
      via an HLR/AuC (Home Location Register/Authentication Center),

   o  dynamic allocation of a mobility anchor point,

   o  dynamic allocation of a home address etc.

   This document defines an option with subtype number which denotes a
   specific type of identifier.  One instance of subtype, the NAI is
   defined in Section 3.1.  It is anticipated that other identifiers
   will be defined for use in the mobility header in the future.

February 2005

   This option SHOULD be used when IKE/IPsec is not used for protecting
   binding update or binding acknowledgements as specified in [RFC3775].
   It is typically used with authentication option [auth_id].  But this
   option may be used independently.  For example, the identifier can
   provide accounting and billing services.

2.  Terminology

   The keywords "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   document are to be interpreted as described in RFC 2119.

February 2005

3.  Mobile Node Identifier option

   The Mobile node identifier option is a new optional data field that
   is carried in the Mobile IPv6 defined messages which includes the
   mobility header.  Various forms of identifiers can be used to
   identify a MN.  Some examples include a Network Access Identifier
   (NAI) [RFC_2486bis], an opaque identifier applicable to a particular
   application, etc.  The subtype field in the option defines the
   specific type of identifier.

   This option can be used in mobility messages containing a mobility
   header.  The subtype field in the option is used to interpret the
   specific type of identifier.

       0                   1                   2                   3
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
                                       |  Option Type  | Option Length |
       |  Subtype      |          Identifier ...

      Option Type:

         MN-ID-OPTION-TYPE to be defined by IANA.  An 8-bit identifier
         of the type mobility option.

      Option Length:

         8-bit unsigned integer, representing the length in octets of
         the Subtype and Identifier fields.


         Subtype field defines the specific type of identifier included
         in the identifier field.


         A variable length identifier of type as specified by the
         subtype field of this option.

   This option does not have any alignment requirements.

February 2005


3.1.  MN-NAI mobility option

   The MN-NAI mobility option uses the general format of the MN-NAI mobility Mobile Node
   Identifier option is as defined in Section 3.  This option uses the
   subtype value of 1.  The MN-NAI mobility option is used to identify
   the mobile node.

   The MN-NAI mobility option uses an identifier of the form user@realm

3.2  This option MUST be implemented by the entities
   implementing this specification.

3.2.  Processing Considerations

   The location of the MN identifier option is as follows: When present,
   this option MUST appear before any authentication related option in a
   message containing a mobility header.

February 2005

4.  Security Considerations

4.1.  General Considerations

   Mobile IPv6 already contains one mechanism for identifying mobile
   nodes, the Home Address Option [RFC 3775]. [RFC3775].  As a result, the
   vulnerabilities of the new option defined in this document are
   similar to those that already exist for Mobile IPv6.  In particular,
   the use of a permanent, stable identifier may compromise the privacy
   of the user, making it possible to track a particular device or user
   as it moves through different locations.

   In addition, since an

4.2.  MN NAI consideration

   Since a Mobile Node Identifier option Section 3 reveals the home
   affiliation of a user, it may assist an attacker in determining the
   identity of the user, help the attacker in targeting specific
   victims, or assist in further probing of the username space.

   These vulnerabilities can be addressed through various mechanisms,
   such as those discussed below:

   o  Encrypting traffic at link layer such that other users on the same
      link do not see the identifiers.  This mechanism does not help
      against attackers on the rest of the path between the mobile node
      and its home agent.

   o  Encrypting the whole packet, such as when using IPsec to protect
      the communications with the home agent [RFC 3776]. [RFC3776].

   o  Using an authentication mechanism that enables the use of privacy
      NAIs [RFC_2486bis] or temporary, changing "pseudonyms" as

   In any case, it should be noted that as the identifier option is only
   needed on the first registration at the home agent and subsequent
   registrations can use the home address, the window of privacy
   vulnerability in this document is reduced as compared to the RFC
   [RFC3775].  In addition, this document is a part of a solution to
   allow dynamic home addresses to be used.  This is an improvement to
   privacy as well, and affects both communications with the home agent
   and the correspondent nodes, both of which have to be told the home

February 2005

5.  IANA Considerations

   IANA services are required for this document.  The values for new
   mobility options must be assigned from the Mobile IPv6 [RFC3775]
   numbering space.

   The values for Mobility Option types MN-ID-OPTION-TYPE as defined in
   Section 3 need to be assigned.  The suggested value is 7 for the

   IANA should record a value for this new mobility option.

   In addition, IANA needs to create a new namespace for the subtype
   field of the Mobile Node Identifier Option.  The currently allocated
   values are as follows:

   NAI (defined in this document) [1]

   New values for this namespace can be allocated using Standards Action

February 2005

6.   IPR Disclosure Acknowledgement

   By submitting this Internet-Draft, each author represents that any
   applicable patent or other IPR claims of which he or she is aware
   have been or will be disclosed, and any of which he or she becomes
   aware will be disclosed, in accordance with Section 6 of BCP 79.

7.  Acknowledgements

   The authors would like to thank Basavaraj Patil for his review and
   suggestions on this draft.  Thanks to Jari Arkko for review and
   suggestions regarding security considerations and various other
   aspects of the document.


8.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC2434]  Narten, T. and H. Alvestrand, "Guidelines for Writing an
              IANA Considerations Section in RFCs", BCP 26, RFC 2434,
              October 1998.

   [RFC3775]  Johnson, D., Perkins, C. C., and J. Arkko, "Mobility Support
              in IPv6", RFC 3775, June 2004.

   [RFC3776]  Arkko, J., Devarapalli, V., and F. Dupont, "Using IPsec to
              Protect Mobile IPv6 Signaling Between Mobile Nodes and
              Home Agents", RFC 3776, June 2004.

              Aboba, et. al., B., "The Network Access Identifier",
              draft-ietf-radext-rfc2486bis-03.txt (work in progress),
              November 2004.

   [auth_id]  Patel et. al., A., "Authentication Protocol for Mobile
              IPv6", draft-ietf-mip6-mn-ident-option-04.txt (work in
              progress), February 2005.

Authors' Addresses

   Alpesh Patel
   Cisco Systems
   170 W. Tasman Drive
   San Jose, CA  95134

   Phone: +1 408-853-9580

   Kent Leung
   Cisco Systems
   170 W. Tasman Drive
   San Jose, CA  95134

   Phone: +1 408-526-5030

February 2005

   Mohamed Khalil
   Nortel Networks
   2221 Lakeside Blvd.
   Richardson, TX  75082

   Phone: +1 972-685-0574

   Haseeb Akhtar
   Nortel Networks
   2221 Lakeside Blvd.
   Richardson, TX  75082

   Phone: +1 972-684-4732
   Kuntal Chowdhury
   Starent Networks
   2540 Coolwater Dr.
   Plano, TX  75025
   30 International Place
   Tewksbury, MA  01876

   Phone: +1 214 550 1416

February 2005

Intellectual Property Statement

   The IETF takes no position regarding the validity or scope of any
   Intellectual Property Rights or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; nor does it represent that it has
   made any independent effort to identify any such rights.  Information
   on the procedures with respect to rights in RFC documents can be
   found in BCP 78 and BCP 79.

   Copies of IPR disclosures made to the IETF Secretariat and any
   assurances of licenses to be made available, or the result of an
   attempt made to obtain a general license or permission for the use of
   such proprietary rights by implementers or users of this
   specification can be obtained from the IETF on-line IPR repository at

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights that may cover technology that may be required to implement
   this standard.  Please address the information to the IETF at

Disclaimer of Validity

   This document and the information contained herein are provided on an

Copyright Statement

   Copyright (C) The Internet Society (2005).  This document is subject
   to the rights, licenses and restrictions contained in BCP 78, and
   except as set forth therein, the authors retain all their rights.


   Funding for the RFC Editor function is currently provided by the
   Internet Society.