Internet Engineering Task Force Mohamed Khalil
INTERNET-DRAFT Raja Narayanan
<draft-mkhalil-mobileip-mier-00.txt> Emad Qaddoura
Date: October, 1999 Haseeb Akhtar
Expires: April, 2000 Nortel Networks
Mobile IP Extensions Rationalization (MIER)
Status of this memo
This document is an Internet-Draft and is in full conformance with
all provisions of Section 10 of RFC2026.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six
months and may be updated, replaced, or obsoleted by other
documents at any time. It is inappropriate to use Internet-Drafts
as reference material or to cite them other than as "work in
progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
Abstract
As the large scale Mobile IP deployment becomes fairly imminent, we
see many drafts proposing new extensions for Mobile IP. Therefore
there is a real need to conserve the type field in the extensions
structure. MIER describes a new extensions structure to Mobile IP
to make the extensions truly extensible and secure.
1. Introduction
The type field in the Mobile IP extension structure can support
Khalil, et al. Expires April 2000 [Page 1]
Internet-Draft MIER 16 October 1999
up to 255 uniquely identifiable extensions. With large scale
deployment needs there is a strong possibility that the available
space will run out. In addition, the current extension format does
not provide for encryption.
Mobile IP Extensions Rationalization (MIER) describes a new
extensions structure to solve this problem. The MIER strategy is to
initially aggregate certain types of extensions (e.g., NAI) and use
sub types (content type) to identify the precise sub type of the
extension (for example MN/User NAI, HA NAI, etc.). This will greatly
reduce the usage of the type field. In addition, the MIER format
provides a way for these extensions to be optionally encrypted, thus
providing a measure of security to the contents of the extension.
MIER also specifies a specific type to be used when all the space
in the type field is used up.
2. Terminology
This document uses the following terminology:
SA Security Association is the logical term used
to capture the shared secret keys, security
attributes and policy that need to be defined
in order to apply protection to traffic between
any two nodes in a network. SPI (defined below)
uniquely identifies an SA within the context of
a host.
MN Mobile Node [Perkins96]
HA Home Agent [Perkins96]
FA Foreign Agent [Perkins96]
AAA Authentication, Authorization, and Accounting
Server
SPI Security Parameters Index is a 32-bit number used to
index an SA in a database.
3. Specification Language
The keywords "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in
this document are to be interpreted as described in RFC 2119 [4].
4. Generic Mobile IP Extension format
The Mobile IP Extension format is described below:
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | length | content-type |E| rsv |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| SPI |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Data .....
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
The type field MUST be used in a way that aggregates extensions.
The content-type field MUST identify the sub types. If E is set to
1 then the data is encrypted. SPI is the Security Parameter Index
that identifies the encryption attributes. The SPI field MUST be
omitted if the E field is set to 0. The rsv field is reserved for
future use.
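The following encoder/decoder is an added example, not code from the draft or from Nortel: it shows how a receiver walks a chain of Section 4 extensions, reads the SPI only when E is set, and refuses truncated input. The field layout (Type, length and content-type one octet each, E as the most significant bit of the fourth octet, an optional 32-bit SPI, then the data) is read from the figure above; the type codes are placeholders because the draft leaves them TBD, the NAI content-type codes are those of Section 5.1, and the sample chain and its "ciphertext" are constructed for illustration. The length is taken, as the draft words it, as the length of the data field alone; whether the SPI should also count toward it is something an implementer has to pin down, since RFC 2002 counts everything after the length octet.

```python
"""Codec for the generic MIER extension header (Section 4 of the draft).

Assumed layout, from the figure: Type (8 bits), length (8 bits),
content-type (8 bits), E flag (MSB of the fourth octet) plus 7 reserved
bits; a 32-bit SPI follows only when E == 1; then `length` octets of data.
"""
import struct
from dataclasses import dataclass
from typing import Optional

# Placeholder aggregate type codes; the draft leaves the real values TBD.
TYPE_NAI = 130
TYPE_IP = 131
# Content-type codes for the NAI extension as listed in Section 5.1.
NAI_MN, NAI_FA, NAI_HA = 0, 1, 2
E_BIT = 0x80


@dataclass
class MierExtension:
    ext_type: int
    content_type: int
    data: bytes
    spi: Optional[int] = None  # present only when the data is encrypted

    @property
    def encrypted(self) -> bool:
        return self.spi is not None


def encode(ext: MierExtension) -> bytes:
    """Serialize one extension; rsv bits are sent as zero."""
    if not 0 <= ext.ext_type <= 255 or not 0 <= ext.content_type <= 255:
        raise ValueError("type and content-type are single octets")
    if len(ext.data) > 255:
        # An 8-bit length cannot describe this payload; Section 5.6's
        # General Extension exists for exactly that case.
        raise ValueError("data longer than 255 octets needs the General Extension")
    flags = E_BIT if ext.encrypted else 0
    hdr = struct.pack("!BBBB", ext.ext_type, len(ext.data), ext.content_type, flags)
    if ext.encrypted:
        hdr += struct.pack("!I", ext.spi)
    return hdr + ext.data


def decode(buf: bytes, offset: int = 0):
    """Parse one extension at `offset`; return (extension, next_offset).

    Raises ValueError on any truncation so a receiver never reads past
    the end of the buffer on malformed input."""
    if len(buf) - offset < 4:
        raise ValueError("truncated extension header")
    ext_type, length, content_type, flags = struct.unpack_from("!BBBB", buf, offset)
    pos = offset + 4
    spi = None
    if flags & E_BIT:
        # The SPI is mandatory when E is set (Section 7); a header that
        # claims encryption but is too short to hold the SPI is malformed.
        if len(buf) - pos < 4:
            raise ValueError("E set but SPI missing")
        (spi,) = struct.unpack_from("!I", buf, pos)
        pos += 4
    if len(buf) - pos < length:
        raise ValueError("length exceeds remaining bytes")
    data = bytes(buf[pos:pos + length])
    return MierExtension(ext_type, content_type, data, spi), pos + length


def decode_all(buf: bytes) -> list:
    """Walk a chain of back-to-back extensions."""
    exts, pos = [], 0
    while pos < len(buf):
        ext, pos = decode(buf, pos)
        exts.append(ext)
    return exts


def check_sa(ext: MierExtension, known_spis: set) -> bool:
    """Receiver-side check: an encrypted extension is only usable when its
    SPI maps to an SA this node holds; otherwise the data cannot be decrypted."""
    return (not ext.encrypted) or ext.spi in known_spis


def demo() -> list:
    # Constructed sample chain: a clear MN-NAI followed by an encrypted
    # HA-NAI. The three "ciphertext" octets are a stand-in; the draft does
    # not fix the encryption algorithm, only the SPI that selects it.
    chain = (encode(MierExtension(TYPE_NAI, NAI_MN, b"user@example.com"))
             + encode(MierExtension(TYPE_NAI, NAI_HA, b"\x9a\x11\x7e", spi=0x1001)))
    return decode_all(chain)
```

The decoder advances by 4 + 4 + length octets for an encrypted extension and 4 + length otherwise, so a chain parser needs the E bit before it can find the next extension; that is why the check for a missing SPI sits before the length check.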
5. New Extension Specification
Some of the extensions proposed in the following sections are under
consideration in the Mobile IP WG by virtue of other drafts namely,
MN NAI Extension [Calhoun99a], Vendor/Organization specific
extension [Dommety99]. This draft proposes the same extensions in a
format that reduces type field proliferation and provides
optionality for encryption.
5.1. NAI Extension
This section defines a general purpose NAI extension for different
types of entities such as MN, HA, FA, etc.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | length | content-type |E| rsv |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| SPI |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| NAI-INFO .....
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type NAI Aggregate type (TBD)
length The length of the NAI-INFO field.
content-type this field describes the type of the entity which
owns the NAI. The following types are defined:
0 MN-NAI
1 FA-NAI
2 HA-NAI
E if 1 then the contents of the NAI-INFO field
are encrypted.
SPI Security Parameter Index. Defines the key and type
of encryption algorithm used to encrypt the
NAI. This parameter is included only if the E bit
is set (E=1).
NAI-INFO Contains the NAI string in encrypted or plain
string format.
5.2. Address Extension
This section defines a general purpose L2 Address extension for
different types of transport technologies.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | length | content-type |E| rsv |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| SPI |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| L2-ADDRESS-INFO .....
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type Layer 2 Address Aggregate type (TBD)
length The length of the L2-ADDRESS-INFO field.
content-type this field describes the type of L2 addresses
included in the extension. The following types
are defined:
0 ETHERNET-ADDRESS
1 IMSI
2 MIN (Mobile Identification Number)
E if 1 then the contents of the L2-ADDRESS-INFO field
are encrypted.
SPI Security Parameter Index. Defines the key and type
of encryption algorithm used to encrypt the
L2-ADDRESS-INFO field. This parameter is included
only if the E bit is set (E=1).
L2-ADDRESS-INFO Contains the L2 address in encrypted or plain
format.
5.3. IP Extension
This section defines a general purpose IP extension which carries IP
addresses in encrypted or unencrypted format. Currently the MN Home
IP address is carried in the clear. Under requirements for user
privacy there MAY be a need to send the MN's IP address encrypted, and
this extension provides a way to do that.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | length | content-type |E| rsv |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| SPI |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| IP-INFO .....
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type IP Extension Aggregate type (TBD)
length The length of the IP-INFO field.
content-type defines the type of entity which owns the IP
address:
0 MN-HOME-IP
1 DEFAULT-ROUTER-IP
E if 1 then the contents of the IP-INFO field are
encrypted.
SPI Security Parameter Index. Defines the key and type
of encryption algorithm used to encrypt the
IP-INFO field. This parameter is included only if
the E bit is set (E=1).
IP-INFO Contains the IP address in encrypted or plain
format.
5.4. Per Session Security Association Extension
This section defines a general purpose security association
extension which carries the information necessary to establish a
security association between different entities in the Mobile IP
model (e.g. MN-FA SA and FA-HA SA).
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | length | content-type |E| rsv |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| SPI |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| SA-INFO .....
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type Per Session SA Aggregate type (TBD)
length The length of the SA-INFO field.
content-type defines the pair of entities between which the
security association is established:
0 MN-FA-SA
1 FA-HA-SA
E if 1 then the contents of the SA-INFO field
are encrypted.
SPI Security Parameter Index. Defines the key and type
of encryption algorithm used to encrypt the
SA-INFO field. This parameter is included only if
the E bit is set (E=1).
SA-INFO This field encodes the information needed to establish
the security association, such as a private key or
session key.
5.5. Vendor/Organization Specific Extension
This section defines a general purpose vendor/organization specific
extension [Dommety99].
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | length | content-type |E| rsv |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Vendor ID |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| SPI |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Data .....
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type Vendor/organization Specific Aggregate Type (TBD)
length The length of the Data field.
content-type defines the type of vendor/organization specific
extension as critical or normal:
0 Critical
1 Normal
Critical and Normal are as defined in [Dommety99].
Vendor ID Vendor ID is as referred to in [Dommety99].
E if 1 then the contents of the Data field
are encrypted.
SPI Security Parameter Index. Defines the key and type
of encryption algorithm used to encrypt the
Data field. This parameter is included only if
the E bit is set (E=1).
Data This field contains the vendor specific data.
5.6. General Extension
In the event that all the available type space is consumed, the
following format will further provide extensibility. This format
MAY also be used in the event that a certain aggregation type
requires a length field greater than one octet.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Actual-Type | Content-Type |E| rsv |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| SPI |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Data .....
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type The general type (TBD)
Actual-Type The actual aggregate type
length The length of the Data field.
content-type Defines the sub type of the aggregate type
E if 1 then the contents of the Data field
are encrypted.
SPI Security Parameter Index. Defines the key and type
of encryption algorithm used to encrypt the
Data field. This parameter is included only if
the E bit is set (E=1).
Data This field contains the actual data
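As an added example (not code from the draft), the codec below carries a 1000-octet payload through the General Extension, which the one-octet length of the Section 4 format cannot describe. The figure does not fix the field widths, so this example assumes Type is 8 bits and length 24 bits in the first word, and Actual-Type 16 bits, Content-Type 8 bits and E plus rsv 8 bits in the second; the general type code is a placeholder (TBD in the draft), and the Actual-Type, SPI and payload values are constructed.

```python
"""Codec for the MIER General Extension (Section 5.6 of the draft), used
when the 8-bit type space is exhausted or a payload needs more than one
length octet.

Assumed widths (the figure does not fix them): Type 8 bits, length 24 bits,
Actual-Type 16 bits, Content-Type 8 bits, E (MSB) + 7 rsv bits, optional
32-bit SPI when E == 1, then `length` octets of Data.
"""
import struct
from dataclasses import dataclass
from typing import Optional

TYPE_GENERAL = 132   # placeholder; the draft leaves the general type TBD
E_BIT = 0x80


@dataclass
class GeneralExtension:
    actual_type: int      # the aggregate type this extension really carries
    content_type: int     # sub type within that aggregate type
    data: bytes
    spi: Optional[int] = None


def encode_general(ext: GeneralExtension) -> bytes:
    if len(ext.data) >= 1 << 24:
        raise ValueError("data does not fit a 24-bit length")
    if not 0 <= ext.actual_type <= 0xFFFF:
        raise ValueError("Actual-Type is 16 bits in this layout")
    flags = E_BIT if ext.spi is not None else 0
    word0 = (TYPE_GENERAL << 24) | len(ext.data)          # Type | length
    out = struct.pack("!IHBB", word0, ext.actual_type, ext.content_type, flags)
    if ext.spi is not None:
        out += struct.pack("!I", ext.spi)
    return out + ext.data


def decode_general(buf: bytes, offset: int = 0):
    """Parse one General Extension; return (extension, next_offset)."""
    if len(buf) - offset < 8:
        raise ValueError("truncated General Extension header")
    word0, actual_type, content_type, flags = struct.unpack_from("!IHBB", buf, offset)
    if word0 >> 24 != TYPE_GENERAL:
        raise ValueError("not a General Extension")
    length = word0 & 0xFFFFFF
    pos = offset + 8
    spi = None
    if flags & E_BIT:
        # SPI is mandatory when E is set; reject a header too short for it.
        if len(buf) - pos < 4:
            raise ValueError("E set but SPI missing")
        (spi,) = struct.unpack_from("!I", buf, pos)
        pos += 4
    if len(buf) - pos < length:
        raise ValueError("length exceeds remaining bytes")
    data = bytes(buf[pos:pos + length])
    return GeneralExtension(actual_type, content_type, data, spi), pos + length


def demo_roundtrip() -> GeneralExtension:
    # Constructed 1000-octet payload: too large for the 8-bit length of the
    # Section 4 format, which is exactly the case Section 5.6 addresses.
    big = bytes(range(256)) * 3 + bytes(232)
    ext = GeneralExtension(actual_type=0x0102, content_type=1, data=big, spi=0x2002)
    decoded, end = decode_general(encode_general(ext))
    assert end == 8 + 4 + len(big)   # header + SPI + data
    return decoded
```

A receiver dispatches on Actual-Type rather than on the outer Type, so the same per-aggregate handlers serve both the Section 4 and the Section 5.6 framing once the header has been parsed.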
6. IANA Considerations
Assignment of the TBDs for the types, content types and actual
types MUST occur in a non-conflicting manner.
7. Security Considerations
Each extension carries an E bit by which its data field MAY be
encrypted. The SPI field MUST be present if the extension is
encrypted.
8. Acknowledgements
The authors would like to acknowledge Basavaraj Patil for his input
in writing this draft.
9. References
[1] [Calhoun99a] Calhoun, Perkins, "Mobile IP Network Access
Identifier Extension", draft-ietf-mobileip-mn-nai-04.txt
[2] [Dommety99] Dommety, Leung, "Vendor/Organization Specific
Extensions for Mobile IP", draft-dommety-mobileip-vendor-ext-00.txt
[3] [Perkins96] Perkins, "IP Mobility Support", RFC 2002, October 1996
[4] Bradner, S., "Key words for use in RFCs to Indicate Requirement
Levels", RFC 2119, March 1997.
10. Authors' Addresses
Questions about this document can be directed to:
Mohamed Khalil Emad Qaddoura
Nortel Networks Inc. Nortel Networks Inc.
2201 Lakeside Blvd 2201 Lakeside Blvd
Richardson, TX 75082-4399 Richardson, TX 75082-4399
Phone: +1 972 685-0564 Phone: +1 972 684-2705
E-mail: mkhalil@nortelnetworks.com E-mail: emadq@nortelnetworks.com
Raja Narayanan Haseeb Akhtar
Nortel Networks Inc. Nortel Networks Inc.
2201 Lakeside Blvd 2201 Lakeside Blvd
Richardson, TX 75082-4399 Richardson, TX 75082-4399
Phone: +1 972 684-5707 Phone: +1 972 684-8850
E-mail: raja@nortelnetworks.com E-mail: haseeb@nortelnetworks.com