draft-ietf-mobileip-gen-key-00.txt   draft-ietf-mobileip-gen-key-01.txt 
Mobile IP Working Group Charles E. Perkins Mobile IP Working Group Charles E. Perkins
INTERNET DRAFT Nokia Research Center INTERNET DRAFT Nokia Research Center
2 July 2001 Pat R. Calhoun 27 August 2001 Pat R. Calhoun
Sun Microsystems Laboratories Sun Microsystems Laboratories
Generalized Key Distribution Extensions for Mobile IP Generalized Key Distribution Extensions for Mobile IP
draft-ietf-mobileip-gen-key-00.txt draft-ietf-mobileip-gen-key-01.txt
Status of This Memo Status of This Memo
This document is a submission by the mobile-ip Working Group of the This document is a submission by the mobile-ip Working Group of the
Internet Engineering Task Force (IETF). Comments should be submitted Internet Engineering Task Force (IETF). Comments should be submitted
to the mobile-ip@sunroof.eng.sun.com mailing list. to the mobile-ip@sunroof.eng.sun.com mailing list.
Distribution of this memo is unlimited. Distribution of this memo is unlimited.
This document is an Internet-Draft and is in full conformance with This document is an Internet-Draft and is in full conformance with
skipping to change at page 1, line 47 skipping to change at page 1, line 47
Recent proposals have suggested several kinds of key extensions for Recent proposals have suggested several kinds of key extensions for
Mobile IP registration messages. These keys may be used between Mobile IP registration messages. These keys may be used between
the mobile node and mobility agents, or between the mobility agents the mobile node and mobility agents, or between the mobility agents
themselves. This document specifies generalized extension formats themselves. This document specifies generalized extension formats
that can be useful for several kinds of key distributions. Each that can be useful for several kinds of key distributions. Each
generalized extension format will have subtypes which indicate the generalized extension format will have subtypes which indicate the
specific format for the key distribution data. specific format for the key distribution data.
1. Introduction 1. Introduction
Recent proposals [5, 1, 6] have suggested several kinds of key Recent proposals [5, 6] have suggested several kinds of key
extensions for Mobile IP [4] registration messages. These keys may extensions for Mobile IP [4] registration messages. These keys may
be used between the mobile node and mobility agents, or between the be used between the mobile node and mobility agents, or between the
mobility agents themselves. This document specifies generalized mobility agents themselves. This document specifies generalized
extension formats that can be useful for several kinds of key extension formats that can be useful for several kinds of key
distributions. Each generalized extension format will have subtypes distributions. Each generalized extension format will have subtypes
which indicate the specific format for the key distribution data. which indicate the specific format for the key distribution data.
Each generalized format conforms to the overall format suggested for Each generalized format conforms to the overall format suggested for
generalized Mobile IP extensions recently described for MIER [2]. generalized Mobile IP extensions recently described for MIER [2].
Different generalized extensions are defined depending upon the Different generalized extensions are defined depending upon the
following factors: following factors:
- The intended use of the key - The intended use of the key
- Whether the extension requests a key or supplies a key - Whether the extension requests a key or supplies a key
Extensions that request a key are allowable in Mobile IP Registration
Request messages. Extensions that supply key material are allowable
in Mobile IP Registration Reply messages.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [1].
2. Generalized MN-FA Key Request Extension 2. Generalized MN-FA Key Request Extension
Figure 1 illustrates the Generalized MN-FA Key Request Extension. Figure 1 illustrates the Generalized MN-FA Key Request Extension.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Subtype | Length | | Type | Subtype | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Mobile Node SPI | | Mobile Node SPI |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| MN-FA Key Request Subtype Data ... | MN-FA Key Request Subtype Data ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 1: The Generalized Mobile IP MN-FA Key Request Extension Figure 1: The Generalized Mobile IP MN-FA Key Request Extension
Type 40 (not skippable) (see [4]) Type TBD (not skippable) (see [4] and section 8)
Subtype a number assigned to identify the way in Subtype a number assigned to identify the way in
which the Key Request Data is to be used which the Key Request Data is to be used when
when generating the registration key generating the registration key
Length (-00): 4 plus the number of bytes in the Subtype Data; SHOULD be at least 20.
Length (-01): The 16-bit Length field indicates the length of the extension. It is equal to the number of bytes in the MN-FA Key Request Subtype Data plus 4 (for the Mobile Node SPI field), and SHOULD be at least 20.
Mobile Node SPI The Security Parameters Index that the Mobile Node SPI The Security Parameters Index that the mobile
mobile node will assign for the security node will assign for the security association
association created for use with the created for use with the registration key.
registration key.
MN-FA Key Request Subtype Data MN-FA Key Request Subtype Data
Data needed to carry out the creation of the Data needed to carry out the creation of the
registration key on behalf of the mobile registration key on behalf of the mobile node.
node.
The Generalized MN-FA Key Request Extension defines a set of The Generalized MN-FA Key Request Extension defines a set of
extensions, identified by subtype, which may be used by a mobile node extensions, identified by subtype, which may be used by a mobile node
in a Mobile IP Registration Request message to request that some in a Mobile IP Registration Request message to request that some
other entity create a key for use by the mobile node with the mobile other entity create a key for use by the mobile node with the mobile
node's new foreign agent. node's new foreign agent.
3. Generalized MN-FA Key Reply Extension 3. Generalized MN-FA Key Reply Extension
The Generalized MN-FA Key Reply extension supplies a registration key The Generalized MN-FA Key Reply extension supplies a registration key
requested by using one of the subtypes of the Generalized MN-FA Key requested by using one of the subtypes of the Generalized MN-FA Key
Request extension. Figure 2 illustrates the format of the Generalized MN-FA Request extension. Figure 2 illustrates the format of the Generalized MN-FA
Key Reply Extension. Key Reply Extension.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Subtype | Length | | Type | Subtype | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Key Reply Subtype Data ... | MN-FA Key Reply Subtype Data ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 2: The Generalized Mobile IP MN-FA Key Reply Extension Figure 2: The Generalized Mobile IP MN-FA Key Reply Extension
Type 41 (not skippable) (see [4]) Type TBD (not skippable) (see [4] and section 8)
Subtype (-00): a number assigned to identify the way in which the Encoded MN-FA Key Data is to be decrypted to obtain the registration key
Subtype (-01): a number assigned to identify the way in which the MN-FA Key Reply Subtype Data is to be decrypted to obtain the registration key
Length (-00): The 16-bit Length field indicates the length of the extension. It is equal to 4 plus the number of bytes in the Encoded MN-FA Key Data.
Length (-01): The 16-bit Length field is equal to the number of bytes in the MN-FA Key Reply Subtype Data.
MN-FA Key Reply Subtype Data MN-FA Key Reply Subtype Data
An encoded copy of the key to be used between the An encoded copy of the key to be used between the
mobile node and the foreign agent, along with mobile node and the foreign agent, along with any other
any other information needed by the recipient information needed by the recipient to create the
to create the designated Mobility Security designated Mobility Security Association.
Association.
For each subtype, the format of the MN-FA Key Reply Subtype Data has For each subtype, the format of the MN-FA Key Reply Subtype Data has
to be separately defined according to the particular method required to be separately defined according to the particular method required
to set up the security association. to set up the security association.
In some cases, the MN-FA Key supplied in the data for a subtype of In some cases, the MN-FA Key supplied in the data for a subtype of
this extension comes by a request which was sent using a subtype of this extension comes by a request which was sent using a subtype of
the Generalized MN-FA Key Request Extension. In that case, the SPI the Generalized MN-FA Key Request Extension. In that case, the SPI
to be used when employing the security association defined by the to be used when employing the security association defined by the
registration key is the same as given in the original request. registration key is the same as given in the original request.
skipping to change at page 3, line 35 skipping to change at page 3, line 43
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Subtype | Length | | Type | Subtype | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Mobile Node SPI | | Mobile Node SPI |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| MN-HA Key Request Subtype Data ... | MN-HA Key Request Subtype Data ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 3: The Generalized Mobile IP MN-HA Key Request Extension Figure 3: The Generalized Mobile IP MN-HA Key Request Extension
Type 42 (not skippable) (see [4]) Type TBD (not skippable) (see [4] and section 8)
Subtype a number assigned to identify the way in Subtype a number assigned to identify the way in
which the Key Request Data is to be used which the Key Request Data is to be used when
when generating the registration key generating the registration key
Length (-00): 4 plus the number of bytes in the Subtype Data; SHOULD be at least 20.
Length (-01): The 16-bit Length field indicates the length of the extension. It is equal to the number of bytes in the MN-HA Key Request Subtype Data plus 4 (for the Mobile Node SPI field), and SHOULD be at least 20.
Mobile Node SPI The Security Parameters Index that the Mobile Node SPI The Security Parameters Index that the mobile
mobile node will assign for the security node will assign for the security association
association created for use with the created for use with the registration key.
registration key.
MN-HA Key Request Subtype Data MN-HA Key Request Subtype Data
Data needed to carry out the creation of the Data needed to carry out the creation of the
registration key on behalf of the mobile registration key on behalf of the mobile node.
node.
The Generalized MN-HA Key Request Extension defines a set of The Generalized MN-HA Key Request Extension defines a set of
extensions, identified by subtype, which may be used by a mobile node extensions, identified by subtype, which may be used by a mobile node
in a Mobile IP Registration Request message to request that some in a Mobile IP Registration Request message to request that some
other entity create a key for use by the mobile node with the mobile other entity create a key for use by the mobile node with the mobile
node's new home agent. node's new home agent.
5. Generalized MN-HA Key Reply Extension 5. Generalized MN-HA Key Reply Extension
0 1 2 3 0 1 2 3
skipping to change at page 4, line 30 skipping to change at page 4, line 38
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Subtype | Length | | Type | Subtype | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Lifetime | | Lifetime |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| MN-HA Key Reply Subtype Data ... | MN-HA Key Reply Subtype Data ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 4: The Generalized Mobile IP MN-HA Key Reply Extension Figure 4: The Generalized Mobile IP MN-HA Key Reply Extension
Type 43 (not skippable) (see [4]) Type TBD (not skippable) (see [4] and section 8)
Subtype a number assigned to identify the way in which Subtype a number assigned to identify the way in which the
the Encoded MN-HA Key Data is to be decrypted to MN-HA Key Reply Subtype Data is to be decrypted to
obtain the registration key obtain the registration key
Length The 16-bit Length field indicates the length of Length The 16-bit Length field indicates the length of the
the extension. It is equal to 4 plus the number extension. It is equal to the number of bytes in the
of bytes in the Encoded MN-HA Key Data. MN-HA Key Reply Subtype Data plus 4 (for the Lifetime
field).
Lifetime This field indicates the duration of time (in Lifetime This field indicates the duration of time (in seconds)
seconds) for which the MN-HA key is valid. for which the MN-HA key is valid.
MN-HA Key Reply Subtype Data MN-HA Key Reply Subtype Data
An encrypted copy of the key to be used between An encrypted copy of the key to be used between the
the mobile node and its home agent, along with mobile node and its home agent, along with any other
any other information needed by the mobile information needed by the mobile node to create the
node to create the designated Mobility Security designated Mobility Security Association with the home
Association with the home agent. agent.
For each subtype, the format of the MN-HA Key Reply Subtype Data has For each subtype, the format of the MN-HA Key Reply Subtype Data has
to be separately defined according to the particular method required to be separately defined according to the particular method required
to set up the security association. to set up the security association.
6. Generalized FA-HA Key Reply Extension 6. Generalized FA-HA Key Reply Extension
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Subtype | Length | | Type | Subtype | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Lifetime | | Lifetime |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| FA-HA Key Reply Subtype Data ... | FA-HA Key Reply Subtype Data ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 5: The Generalized Mobile IP FA-HA Key Reply Extension Figure 5: The Generalized Mobile IP FA-HA Key Reply Extension
Type 45 (not skippable) (see [4]) Type TBD (not skippable) (see [4] and section 8)
Subtype a number assigned to identify the way in which Subtype a number assigned to identify the way in which the
the Encoded FA-HA Key Data is to be decrypted to FA-HA Key Reply Subtype Data is to be decrypted to
obtain the registration key obtain the registration key
Length The 16-bit Length field indicates the length of Length The 16-bit Length field is equal to the number of bytes
the extension. It is equal to 4 plus the number in the FA-HA Key Reply Subtype Data plus 4 (for the
of bytes in the Encoded FA-HA Key Data. Lifetime field).
Lifetime This field indicates the duration of time (in Lifetime This field indicates the duration of time (in seconds)
seconds) for which the FA-HA key is valid. for which the FA-HA key is valid.
FA-HA Key Reply Subtype Data FA-HA Key Reply Subtype Data
An encrypted copy of the key to be used between An encrypted copy of the key to be used between the
the foreign agent and the mobile node's home foreign agent and the mobile node's home agent, along
agent, along with any other information needed with any other information needed by the foreign agent
by the foreign agent to create the designated to create the designated Mobility Security Association
Mobility Security Association with that home with that home agent.
agent.
For each subtype, the format of the FA-HA Key Reply Subtype Data has For each subtype, the format of the FA-HA Key Reply Subtype Data has
to be separately defined according to the particular method required to be separately defined according to the particular method required
to set up the security association. to set up the security association.
7. Generalized FA-FA Key Reply Extension 7. Generalized FA-FA Key Reply Extension
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Subtype | Length | | Type | Subtype | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| FA-FA SPI | | FA-FA SPI |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| FA-FA Key Reply Subtype Data ... | FA-FA Key Reply Subtype Data ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
skipping to change at page 6, line 16 skipping to change at page 6, line 25
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Subtype | Length | | Type | Subtype | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| FA-FA SPI | | FA-FA SPI |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| FA-FA Key Reply Subtype Data ... | FA-FA Key Reply Subtype Data ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 6: The Generalized Mobile IP FA-FA Key Reply Extension Figure 6: The Generalized Mobile IP FA-FA Key Reply Extension
Type 46 (not skippable) (see [4]) Type TBD (not skippable) (see [4] and section 8)
Subtype a number assigned to identify the way in which Subtype a number assigned to identify the way in which the
the Encoded FA-FA Key Data is to be decrypted to FA-FA Key Reply Subtype Data is to be decrypted to
obtain the registration key obtain the registration key
Length The 16-bit Length field indicates the length of Length The 16-bit Length field is equal to the number of bytes
the extension. It is equal to 4 plus the number in the FA-FA Key Reply Subtype Data plus 4 (for the
of bytes in the Encoded FA-HA Key Data. FA-FA SPI field).
FA-FA SPI This field indicates the SPI that should be used FA-FA SPI This field indicates the SPI that should be used to
to decipher the FA-FA key. decipher the FA-FA key.
FA-FA Key Reply Subtype Data FA-FA Key Reply Subtype Data
-00: An encrypted copy of the key to be used between the foreign agent and its home agent, along with any other information needed by the mobile node to create the designated Mobility Security Association with the home agent.
-01: An encrypted copy of the key to be used between two foreign agents, along with any other information needed by the foreign agents to create the desired security association.
For each subtype, the format of the FA-HA Key Reply Subtype Data has For each subtype, the format of the FA-FA Key Reply Subtype Data has
to be separately defined according to the particular method required to be separately defined according to the particular method required
to set up the security association. to set up the security association.
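The six layouts in sections 2 through 7, as an added example that follows the -01 column of this diff and is not code from the draft or its authors: an encoder and parser for the generalized key extensions that applies the -01 Length rule (Subtype Data plus 4 for the 32-bit field where one is present, and SHOULD be at least 20 for the two requests), the RFC 2002 split between non-skippable and skippable extension types, and the section 3 rule that an MN-FA Key Reply inherits the SPI from the request it answers. The Type values are the provisional -00 numbers used only as placeholders because -01 marks them TBD; the function names, the field-name strings and the constructed test messages are the example's own assumptions.

```python
import struct
from dataclasses import dataclass
from typing import Optional, Tuple

# Type numbers: draft -01 marks every Type "TBD" pending IANA assignment.  The
# values below are the provisional numbers from the -00 column (40, 41, 42, 43,
# 45, 46); they are used here only so the example runs and are NOT assignments.
MN_FA_KEY_REQUEST, MN_FA_KEY_REPLY = 40, 41
MN_HA_KEY_REQUEST, MN_HA_KEY_REPLY = 42, 43
FA_HA_KEY_REPLY, FA_FA_KEY_REPLY = 45, 46

# Layout per the -01 text: (name, the 32-bit field that follows Length, or None
# when Subtype Data follows Length directly, recommended minimum Length).
# Length never counts the 4-byte Type/Subtype/Length header itself.
LAYOUT = {
    MN_FA_KEY_REQUEST: ("MN-FA Key Request", "Mobile Node SPI", 20),
    MN_FA_KEY_REPLY:   ("MN-FA Key Reply",   None,              0),
    MN_HA_KEY_REQUEST: ("MN-HA Key Request", "Mobile Node SPI", 20),
    MN_HA_KEY_REPLY:   ("MN-HA Key Reply",   "Lifetime",        0),
    FA_HA_KEY_REPLY:   ("FA-HA Key Reply",   "Lifetime",        0),
    FA_FA_KEY_REPLY:   ("FA-FA Key Reply",   "FA-FA SPI",       0),
}


@dataclass
class KeyExtension:
    ext_type: int
    subtype: int
    word: Optional[int]        # Mobile Node SPI, Lifetime or FA-FA SPI per LAYOUT
    data: bytes                # subtype-specific data, opaque to this parser
    warnings: Tuple[str, ...]  # SHOULD-level problems that do not reject the extension


def encode(ext_type: int, subtype: int, data: bytes, word: Optional[int] = None) -> bytes:
    """Serialize one generalized key extension with the -01 Length rule."""
    name, word_field, _ = LAYOUT[ext_type]
    if (word is None) == (word_field is not None):
        raise ValueError(f"{name}: {word_field or 'no 32-bit field'} expected after Length")
    if not 0 <= subtype <= 255:
        raise ValueError("Subtype is an 8-bit field")
    length = len(data) + (4 if word_field else 0)
    if length > 0xFFFF:
        raise ValueError("Length is a 16-bit field")
    out = struct.pack("!BBH", ext_type, subtype, length)
    if word_field is not None:
        out += struct.pack("!I", word)
    return out + data


def decode(buf: bytes, offset: int = 0):
    """Parse one extension at offset; returns (KeyExtension or None, next offset)."""
    if len(buf) - offset < 4:
        raise ValueError("truncated extension header")
    ext_type, subtype, length = struct.unpack_from("!BBH", buf, offset)
    end = offset + 4 + length
    if end > len(buf):
        raise ValueError("Length runs past end of message")
    if ext_type not in LAYOUT:
        # RFC 2002 extension handling: types 0-127 are not skippable, so an
        # unrecognized one rejects the registration message; types 128-255 are
        # skipped.  A full implementation dispatches the other registered types
        # (e.g. the authentication extensions) before reaching this check.
        if ext_type < 128:
            raise ValueError(f"unrecognized non-skippable extension type {ext_type}")
        return None, end
    name, word_field, min_len = LAYOUT[ext_type]
    body = buf[offset + 4:end]
    word = None
    if word_field is not None:
        if length < 4:
            raise ValueError(f"{name}: Length must cover the {word_field} field")
        word = struct.unpack("!I", body[:4])[0]
        body = body[4:]
    warnings = []
    if length < min_len:
        warnings.append(f"{name}: Length {length} below recommended minimum {min_len}")
    if subtype == 0:
        # Section 8 (-01): all subtype values other than zero are assignable.
        warnings.append(f"{name}: Subtype 0 is not available for assignment")
    return KeyExtension(ext_type, subtype, word, bytes(body), tuple(warnings)), end


def parse_all(buf: bytes):
    """Walk a run of extensions, dropping the skippable ones this parser ignores."""
    out, offset = [], 0
    while offset < len(buf):
        ext, offset = decode(buf, offset)
        if ext is not None:
            out.append(ext)
    return out


def registration_key_spi(request: KeyExtension, reply: KeyExtension) -> int:
    """SPI for the MN-FA security association: the reply carries no SPI field,
    so it is the Mobile Node SPI from the request that solicited the key."""
    if request.ext_type != MN_FA_KEY_REQUEST or reply.ext_type != MN_FA_KEY_REPLY:
        raise ValueError("expected an MN-FA Key Request / Key Reply pair")
    return request.word
```

The parser keeps the "SHOULD be at least 20" and "Subtype 0" conditions as warnings rather than rejections because the draft states them at SHOULD level or as a registry rule, while a Length that does not even cover the 32-bit field, or that runs past the message, is treated as malformed input and rejected.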
8. IANA Considerations 8. IANA Considerations
-00: Each generalized extension specified in this document is to be numbered from the space of Mobile IP registration extension numbers defined in RFC 2002 [4] as extended in RFC 2356 [3]. The numbers 40, 41, 42, 43, 45 and 46 chosen in the text are currently unassigned.
-00: A subtype address space must be created for each generalized extension defined in this document. From this space, subtype values will be assigned according to standards approved principally by the mobile-ip working group, but other working groups may also submit requests to assign subtype numbers for Mobile IP extensions.
-01: The numbers for the Generalized Key Extensions specified in sections 2 through 7 are to be taken from the non-skippable range of the Mobile IP registration extension namespace defined in [4].
-01: Section 2 introduces the Generalized MN-FA Key Request Extension namespace that requires IANA management. All values other than zero (0) are available for assignment via Standards Action [3].
-01: Section 3 introduces the Generalized MN-FA Key Reply Extension namespace that requires IANA management. All values other than zero (0) are available for assignment via Standards Action [3].
-01: Section 4 introduces the Generalized MN-HA Key Request Extension namespace that requires IANA management. All values other than zero (0) are available for assignment via Standards Action [3].
-01: Section 5 introduces the Generalized MN-HA Key Reply Extension namespace that requires IANA management. All values other than zero (0) are available for assignment via Standards Action [3].
-01: Section 6 introduces the Generalized FA-HA Key Reply Extension namespace that requires IANA management. All values other than zero (0) are available for assignment via Standards Action [3].
-01: Section 7 introduces the Generalized FA-FA Key Reply Extension namespace that requires IANA management. All values other than zero (0) are available for assignment via Standards Action [3].
9. Security Considerations 9. Security Considerations
The extensions in this document are intended to provide the The extensions in this document are intended to provide the
appropriate level of security for Mobile IP entities (mobile node, appropriate level of security for Mobile IP entities (mobile node,
foreign agent, and home agent) to operate Mobile IP registration foreign agent, and home agent) to operate Mobile IP registration
protocol. The security associations resulting from use of these protocol. The security associations resulting from use of these
extensions do not offer any higher level of security than what is extensions do not offer any higher level of security than what is
already implicit in use of the security association between the already implicit in use of the security association between the
receiver and the entity distributing the key. receiver and the entity distributing the key.
10. Acknowledgements
Thanks to Jouni Malinen and Madhavi Chandra for their careful review
and suggestions for improving this specification.
References References
[1] (-00) P. Calhoun, Haseeb Akhtar, Emad Qaddoura, and N. Asokan. Foreign Agent Keys Encoded as Opaque Tokens for use in Hand-off Process (work in progress). draft-calhoun-mobileip-min-lat-handoff-02.txt, March 2000.
[1] (-01) S. Bradner. Key words for use in RFCs to Indicate Requirement Levels. Request for Comments (Best Current Practice) 2119, Internet Engineering Task Force, March 1997.
[2] M. Khalil, R. Narayanan, H. Akhtar, and E. Qaddoura. [2] M. Khalil, R. Narayanan, H. Akhtar, and E. Qaddoura.
Mobile IP Extensions Rationalization (MIER) (work in Mobile IP Extensions Rationalization (MIER) (work in
progress). Internet Draft, Internet Engineering Task Force. progress). Internet Draft, Internet Engineering Task Force.
draft-ietf-mobileip-mier-06.txt, April 2001. draft-ietf-mobileip-mier-06.txt, April 2001.
[3] (-00) G. Montenegro and V. Gupta. Sun's SKIP Firewall Traversal for Mobile IP. Request for Comments (Informational) 2356, Internet Engineering Task Force, June 1998.
[3] (-01) T. Narten and H. Alvestrand. Guidelines for Writing an IANA Considerations Section in RFCs. Request for Comments (Best Current Practice) 2434, Internet Engineering Task Force, October 1998.
[4] C. Perkins. IP Mobility Support. Request for Comments (Proposed [4] C. Perkins. IP Mobility Support. Request for Comments (Proposed
Standard) 2002, Internet Engineering Task Force, October 1996. Standard) 2002, Internet Engineering Task Force, October 1996.
[5] C. Perkins and P. Calhoun. AAA Keys for Mobile IP (work in [5] C. Perkins and P. Calhoun. AAA Keys for Mobile IP (work in
progress). Internet Draft, Internet Engineering Task Force. progress). Internet Draft, Internet Engineering Task Force.
draft-ietf-mobileip-aaa-key-00.txt, July 2001. draft-ietf-mobileip-aaa-key-00.txt, July 2001.
[6] C. E. Perkins, D. Johnson, and N. Asokan. Registration Keys for [6] C. E. Perkins, D. Johnson, and N. Asokan. Registration Keys for
Route Optimization (work in progress). Route Optimization (work in progress).
skipping to change at page 8, line 17 skipping to change at page 8, line 47
6000 Connection Dr. Suite 120 6000 Connection Dr. Suite 120
20251 Century Blvd 20251 Century Blvd
Irving, TX. 75039 Germantown MD 20874 Irving, TX. 75039 Germantown MD 20874
USA USA USA USA
Phone: +1 972-894-6709 Phone: +1 847-202-9314 Phone: +1 972-894-6709 Phone: +1 847-202-9314
Email: Basavaraj.Patil@nokia.com Email: PRoberts@MEGISTO.com Email: Basavaraj.Patil@nokia.com Email: PRoberts@MEGISTO.com
Questions about this memo can also be directed to the authors: Questions about this memo can also be directed to the authors:
Charles E. Perkins Pat R. Calhoun Charles E. Perkins Pat R. Calhoun
Communications Systems Lab Network & Security Center Communications Systems Lab
Nokia Research Center Sun Microsystems Laboratories Nokia Research Center Black Storm Networks
313 Fairchild Drive 15 Network Circle 313 Fairchild Drive 250 Cambridge Avenue, Suite 200
Mountain View, California 94043 Menlo Park, California 94025 Mountain View, California 94043 Palo Alto, California, 94306
USA USA USA USA
Phone: +1-650 625-2986 Phone: +1 650-786-7733 Phone: +1-650 625-2986 Phone: +1 650-617-2932
EMail: charliep@iprg.nokia.com EMail: pcalhoun@eng.sun.com EMail: charliep@iprg.nokia.com Email: pcalhoun@diameter.org
Fax: +1 650 625-2502 Fax: +1 650-786-6445 Fax: +1 650 625-2502 Fax: +1 650-786-6445