RE: WGLC: draft-ietf-v6ops-cpe-simple-security-10.txt

[Mohacsi Janos <mohacsi@niif.hu>]

On Tue, 20 Apr 2010, Laganier, Julien wrote:

> However MIPv6 also relies on the use of a degenerated tunneling 
> mechanism between a Mobile Node and its corresponds nodes. This 
> tunneling involves the use of the Routing Header Type 2 and of the Home 
> Address destination option, which are not covered in the document.
>
> In practice I believe this type of tunnel should be treated as IP-in-IP 
> tunnels, but this is currently not the case. The issues is as follows:
>
> Outbound packets sent in the tunnel are sent from the Mobile Node 
> Care-of Address and with a Home Address destination option -- so it 
> seems that there is no problem for those, although we might want to be 
> explicit.
>
> However inbound packets corresponding to an outbound initiated tunnel 
> should be accepted as well (as for IP-in-IP), but these packets will be 
> destined to the Home Address and carrying the Care-of Address in the 
> Routing Header Type 2, so they will not be handled properly absent an 
> explicit recommendation that the CPE tracks MIPv6 HoA/RH2 degenerated 
> tunnels.
>
> I believe we should cover MIPv6 adequately in this specification by 
> adding explicit tracking of outbound initiated MIPv6 HoA/RH2 degenerated 
> tunnels.
>
> [ The MEXT WG has two documents specifying firewall behavior for MIPv6 
> that could be used as a starting point for text to be included in this 
> spec -- see 
> http://tools.ietf.org/html/draft-ietf-mext-firewall-vendor-02 and 
> http://tools.ietf.org/html/draft-ietf-mext-firewall-admin-02 ]
>
> What do people think?

Is it still applies to "CPE simple security"?  In my opinion, vendor might 
decide implement these additional settings... 
Best Regards,

Janos Mohacsi
Head of HBONE+ project
Network Engineer, Deputy Director of Network Planning and Projects
NIIF/HUNGARNET, HUNGARY
Key 70EF9882: DEC2 C685 1ED4 C95A 145F  4300 6F64 7B00 70EF 9882