OPEN ISSUE: Standards Track

Charles E. Perkins charliep at IPRG.nokia.com
Thu May 22 14:06:54 CEST 2003


Hello Steven,

"Steven M. Bellovin" wrote:

> It wasn't a matter of a "sophisticated and super robust security solution";
> it was a matter of one that would *ever* work outside a company.

This isn't true.  A mobile node could roam outside a company,
and still get data from its home agent.  I'm worried about
going over technical details on the problem statement list,
so I'll stop there.


> You can't do AH or ESP without keys; the difference is that we had a
> story about where those keys could come from even before we had a key
> distribution mechanism.  The story was simple:  pre-arranged keys.

Exactly.

> That only works for MobileIP if you can pre-arrange keys with every
> possible spot you'd ever roam to, which is quite at variance with the
> plans I'd heard for MobileIP.

No, you could do it with prearranged keys with the home agent
(as I hope you would agree), and prearranged keys with some
selected correspondent nodes.

>                                  The only path forward we heard was, in
> effect, the One True PKI; that's something that will not, can not, and
> should not exist ("should not" because it would be horribly destructive
> towards any form of Internet privacy).

The other path, which _was_ articulated, was doing prearranged
keys first, and better key distribution later.  Which is what
happened anyway, but we just couldn't publish the Proposed
Standard.

> I won't argue that point; however, any form of cryptographic
> authentication would run into the same key distribution problem.
> Very little of the issue had to do with the syntax or semantics of
> IPsec.  You were running afoul of a basic architectural issue.

Actually, the situation was _far_ more complicated than that,
and IPsec produces serious constraints on what can be actually
run in a protocol.  Again, this is far afield from the problem
statement list material.

> Let me expand a bit more on why IPsec can work (on a small scale)
> without key distribution, and on why the models are fundamentally
> different.

The scale for initial deployment with correspondent nodes would be
limited by the lack of key distribution.  That was never at issue.

> With MobileIP, the mobile node and the home agent are trying to
> persuade random parts of the Internet infrastructure of assorted
> ownership and trust relationships.  But where's the trust anchor?

What a lot of people wanted was the ability to run Mobile IP with
home agents and a few correspondent nodes.  What the ADs demanded
was assurance that we could run Mobile IPv6 with an entire
IPv6-universe full of mobile nodes.  It was and is a great goal.
I think we achieved it, but it shouldn't have stood in the way
of Proposed Standard.

Regards,
Charlie P.

