1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
|
<pre>Network Working Group A. Patel, Ed.
Request for Comments: 4640 Cisco
Category: Informational G. Giaretta, Ed.
Telecom Italia
September 2006
<span class="h1">Problem Statement for Bootstrapping Mobile IPv6 (MIPv6)</span>
Status of This Memo
This memo provides information for the Internet community. It does
not specify an Internet standard of any kind. Distribution of this
memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (2006).
Abstract
A mobile node needs at least the following information: a home
address, a home agent address, and a security association with home
agent to register with the home agent. The process of obtaining this
information is called bootstrapping. This document discusses issues
involved with how the mobile node can be bootstrapped for Mobile IPv6
(MIPv6) and various potential deployment scenarios for mobile node
bootstrapping.
Table of Contents
<a href="#section-1">1</a>. Introduction ....................................................<a href="#page-2">2</a>
<a href="#section-1.1">1.1</a>. Overview of the Problem ....................................<a href="#page-3">3</a>
<a href="#section-1.2">1.2</a>. Bootstrapping ..............................................<a href="#page-3">3</a>
<a href="#section-1.3">1.3</a>. Terminology ................................................<a href="#page-4">4</a>
<a href="#section-2">2</a>. Assumptions .....................................................<a href="#page-5">5</a>
<a href="#section-3">3</a>. Design Goals ....................................................<a href="#page-6">6</a>
<a href="#section-4">4</a>. Non-goals .......................................................<a href="#page-7">7</a>
<a href="#section-5">5</a>. Motivation for bootstrapping ....................................<a href="#page-7">7</a>
<a href="#section-5.1">5.1</a>. Addressing .................................................<a href="#page-7">7</a>
<a href="#section-5.1.1">5.1.1</a>. Dynamic Home Address Assignment .....................<a href="#page-7">7</a>
<a href="#section-5.1.2">5.1.2</a>. Dynamic Home Agent Assignment .......................<a href="#page-9">9</a>
<a href="#section-5.1.3">5.1.3</a>. "Opportunistic" or "Local" Discovery ................<a href="#page-9">9</a>
<a href="#section-5.1.4">5.1.4</a>. Management Requirements .............................<a href="#page-9">9</a>
<a href="#section-5.2">5.2</a>. Security Infrastructure ...................................<a href="#page-10">10</a>
<a href="#section-5.2.1">5.2.1</a>. Integration with AAA Infrastructure ................<a href="#page-10">10</a>
<a href="#section-5.3">5.3</a>. Topology Change ...........................................<a href="#page-10">10</a>
<span class="grey">Patel & Giaretta Informational [Page 1]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-2" ></span>
<span class="grey"><a href="./rfc4640">RFC 4640</a> PS Bootstrapping Mobile IPv6 September 2006</span>
<a href="#section-5.3.1">5.3.1</a>. Dormant Mode Mobile Nodes ..........................<a href="#page-10">10</a>
<a href="#section-6">6</a>. Network Access and Mobility Services ...........................<a href="#page-11">11</a>
<a href="#section-7">7</a>. Deployment Scenarios ...........................................<a href="#page-13">13</a>
<a href="#section-7.1">7.1</a>. Mobility Service Subscription Scenario ....................<a href="#page-13">13</a>
<a href="#section-7.2">7.2</a>. Integrated ASP Network Scenario ...........................<a href="#page-14">14</a>
<a href="#section-7.3">7.3</a>. Third-Party MSP Scenario ..................................<a href="#page-14">14</a>
<a href="#section-7.4">7.4</a>. Infrastructure-less Scenario ..............................<a href="#page-15">15</a>
<a href="#section-8">8</a>. Parameters for Authentication ..................................<a href="#page-15">15</a>
<a href="#section-9">9</a>. Security Considerations ........................................<a href="#page-17">17</a>
<a href="#section-9.1">9.1</a>. Security Requirements of Mobile IPv6 ......................<a href="#page-17">17</a>
<a href="#section-9.2">9.2</a>. Threats to the Bootstrapping Process ......................<a href="#page-18">18</a>
<a href="#section-10">10</a>. Contributors ..................................................<a href="#page-19">19</a>
<a href="#section-11">11</a>. Acknowledgements ..............................................<a href="#page-20">20</a>
<a href="#section-12">12</a>. Informative References ........................................<a href="#page-20">20</a>
<span class="h2"><a class="selflink" id="section-1" href="#section-1">1</a>. Introduction</span>
Mobile IPv6 [<a href="./rfc3775" title=""Mobility Support in IPv6"">RFC3775</a>] specifies mobility support based on the
assumption that a mobile node (MN) has a trust relationship with an
entity called the home agent. Once the home agent address has been
learned (for example, via manual configuration, anycast discovery
mechanisms, or DNS lookup), Mobile IPv6 signaling messages between
the mobile node and the home agent are secured with IPsec or with the
authentication protocol, as defined in [<a href="./rfc4285" title=""Authentication Protocol for Mobile IPv6"">RFC4285</a>]. The requirements
for this security architecture are created with [<a href="./rfc3775" title=""Mobility Support in IPv6"">RFC3775</a>], and the
details of this procedure are described in [<a href="./rfc3776" title=""IAB and IESG Selection, Confirmation, and Recall Process: Operation of the Nominating and Recall Committees"">RFC3776</a>].
In [<a href="./rfc3775" title=""Mobility Support in IPv6"">RFC3775</a>], there is an implicit requirement that the MN be
provisioned with enough information that will permit it to register
successfully with its home agent. However, having this information
statically provisioned creates practical deployment issues.
This document serves to define the problem of bootstrapping.
Bootstrapping is defined as the process of obtaining enough
information at the mobile node that it can successfully register with
an appropriate home agent.
The requirements for bootstrapping could consider various
scenarios/network deployment issues. It is the basic assumption of
this document that certain minimal parameters (seed information) are
available to the mobile node to aid in bootstrapping. The exact seed
information available differs depending on the deployment scenario.
This document describes various deployment scenarios and provides a
set of minimal parameters that are available in each deployment
scenario.
<span class="grey">Patel & Giaretta Informational [Page 2]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-3" ></span>
<span class="grey"><a href="./rfc4640">RFC 4640</a> PS Bootstrapping Mobile IPv6 September 2006</span>
This document stops short of suggesting the preferred solutions for
how the mobile node should obtain information. Such details will be
available from separate documents.
<span class="h3"><a class="selflink" id="section-1.1" href="#section-1.1">1.1</a>. Overview of the Problem</span>
Mobile IPv6 [<a href="./rfc3775" title=""Mobility Support in IPv6"">RFC3775</a>] expects the mobile node to have a static home
address, a home agent address (which can be derived from an anycast
address), and a security association with a home agent (or multiple
home agents).
This static provisioning of information has various problems, as
discussed in <a href="#section-5">Section 5</a>.
The aim of this document is:
o To define bootstrapping;
o To identify sample deployment scenarios where Mobile Internet
Protocol version 6 (MIPv6) will be deployed, taking into account
the relationship between the subscriber and the service provider;
and
o To identify the minimal set of information required on the Mobile
Node and in the network in order for the mobile node to obtain
address and security credentials, to register with the home agent.
<span class="h3"><a class="selflink" id="section-1.2" href="#section-1.2">1.2</a>. Bootstrapping</span>
Bootstrapping is defined as obtaining enough information at the
mobile node that the mobile node can successfully register with an
appropriate home agent. Specifically, this means obtaining the home
agent address and home address, and for the mobile node and home
agent to authenticate and mutually construct security credentials for
Mobile IPv6.
Typically, bootstrapping happens when a mobile node does not have all
the information it needs to set up the Mobile IPv6 service. This
includes, but is not limited to, situations in which the mobile node
does not having any information when it boots up for the first time
(out of the box), or does not retain any information during reboots.
Also, in certain scenarios, after the MN bootstraps for the first
time (out of the box), the need for subsequent bootstrapping is
implementation dependent. For instance, the MN may bootstrap every
time it boots, bootstrap every time on prefix change, or bootstrap
periodically to anchor to an optimal HA (based on distance, load,
etc.).
<span class="grey">Patel & Giaretta Informational [Page 3]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-4" ></span>
<span class="grey"><a href="./rfc4640">RFC 4640</a> PS Bootstrapping Mobile IPv6 September 2006</span>
<span class="h3"><a class="selflink" id="section-1.3" href="#section-1.3">1.3</a>. Terminology</span>
General mobility terminology can be found in [<a href="./rfc3753" title=""Mobility Related Terminology"">RFC3753</a>]. The
following additional terms are used here:
Trust relationship
In the context of this document, trust relationship means that the
two parties in question, typically the user of the mobile host and
the mobility or access service authorizer, have some sort of prior
contact in which the mobile node was provisioned with credentials.
These credentials allow the mobile node to authenticate itself to
the mobility or access service provider and to prove its
authorization to obtain service.
Infrastructureless relationship
In the context of this document, an infrastructureless
relationship is one in which the user of the mobile node and the
mobility or access service provider have no previous contact and
the mobile node is not required to supply credentials to
authenticate and prove authorization for service. Mobility and/or
network access service is provided without any authentication or
authorization. Infrastructureless in this context does not mean
that there is no network infrastructure, such as would be the case
for an ad hoc network.
Credentials
Data used by a mobile node to authenticate itself to a mobility or
access network service authorizer and to prove authorization to
receive service. User name/passwords, one time password cards,
public/private key pairs with certificates, and biometric
information are some examples.
ASA
Access Service Authorizer. A network operator that authenticates
a mobile node and establishes the mobile node's authorization to
receive Internet service.
ASP
Access Service Provider. A network operator that provides direct
IP packet forwarding to and from the end host.
<span class="grey">Patel & Giaretta Informational [Page 4]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-5" ></span>
<span class="grey"><a href="./rfc4640">RFC 4640</a> PS Bootstrapping Mobile IPv6 September 2006</span>
Serving Network Access Provider
A network operator that is the mobile node's ASP but not its ASA.
The serving network access provider may or may not additionally
provide mobility service.
Home Network Access Provider
A network operator that is both the mobile node's ASP and ASA.
The home network access provider may or may not additionally
provide mobility service (note that this is a slightly different
definition from that in <a href="./rfc3775">RFC 3775</a>).
IASP
Integrated Access Service Provider. A service provider that
provides both authorization for network access and mobility
service.
MSA
Mobility Service Authorizer. A service provider that authorizes
Mobile IPv6 service.
MSP
Mobility Service Provider. A service provider that provides
Mobile IPv6 service. In order to obtain such service, the mobile
node must be authenticated and prove authorization to obtain the
service.
Home Mobility Service Provider
A MSP that both provides mobility service and authorizes it.
Serving Mobility Service Provider
A MSP that provides mobility service but depends on another
service provider to authorize it.
<span class="h2"><a class="selflink" id="section-2" href="#section-2">2</a>. Assumptions</span>
o A basic assumption in Mobile IPv6 [<a href="./rfc3775" title=""Mobility Support in IPv6"">RFC3775</a>] is that there is a
trust relationship between the mobile node and its home agent(s).
This trust relationship can be direct, or indirect through, for
instance, an ASP that has a contract with the MSP. This trust
relationship can be used to bootstrap the MN.
<span class="grey">Patel & Giaretta Informational [Page 5]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-6" ></span>
<span class="grey"><a href="./rfc4640">RFC 4640</a> PS Bootstrapping Mobile IPv6 September 2006</span>
One typical way of verifying the trust relationship is using
authentication, authorization, and accounting (AAA)
infrastructure. In this document, two distinct uses of AAA are
considered:
AAA for Network Access
This functionality provides authentication and authorization to
access the network (obtain address and send/receive packets).
AAA for Mobility Service
This functionality provides authentication and authorization
for mobility services.
These functionalities may be implemented in a single entity or in
different entities, depending on the service models described in
<a href="#section-6">Section 6</a> or deployment scenarios as described in <a href="#section-7">Section 7</a>.
o Some identifier, such as an Network Access Identifier (NAI), as
defined in [<a href="./rfc4283" title=""Mobile Node Identifier Option for Mobile IPv6 (MIPv6)"">RFC4283</a>] or [<a href="./rfc2794" title=""Mobile IP Network Access Identifier Extension for IPv4"">RFC2794</a>], is provisioned on the MN that
permits the MN to identify itself to the ASP and MSP.
<span class="h2"><a class="selflink" id="section-3" href="#section-3">3</a>. Design Goals</span>
A solution to the bootstrapping problem has the following design
goals:
o The following information must be available at the end of
bootstrapping, to enable the MN to register with the HA.
* MN's home agent address
* MN's home address
* IPsec Security Association (SA) between MN and HA, Intenet Key
Exchange Protocol (IKE) pre-shared secret between MN and HA
o The bootstrapping procedure can be triggered at any time, either
by the MN or by the network. Bootstrapping can occur, for
instance, due to administrative action, information going stale,
or HA indicating the MN. Bootstrapping may be initiated even when
the MN is registered with the HA and has all the required
credentials. This may typically happen to refresh/renew the
credentials.
<span class="grey">Patel & Giaretta Informational [Page 6]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-7" ></span>
<span class="grey"><a href="./rfc4640">RFC 4640</a> PS Bootstrapping Mobile IPv6 September 2006</span>
o Subsequent protocol interaction (for example, updating the IPsec
SA) can be executed between the MN and the HA itself without
involving the infrastructure that was used during bootstrapping.
o Solutions to the bootstrapping problem should enable storage of
user-specific information on entities other than the home agent.
o Solutions to the bootstrapping problem should not exclude storage
of user-specific information on entities other than the home
agent.
o Configuration information which is exchanged between the mobile
node and the home agent must be secured using integrity and replay
protection. Confidentiality protection should be provided if
necessary.
o The solution should be applicable to all feasible deployment
scenarios that can be envisaged, along with the relevant
authentication/authorization models.
<span class="h2"><a class="selflink" id="section-4" href="#section-4">4</a>. Non-goals</span>
This following issues are clearly outside the scope of bootstrapping:
o Home prefix renumbering is not explicitly supported as part of
bootstrapping. If the MN executes the bootstrap procedures every
time it powers on (as opposed to caching state information from
previous bootstrap process), then home network renumbering is
taken care of automatically.
o Bootstrapping in the absence of a trust relationship between MN
and any provider is not considered.
<span class="h2"><a class="selflink" id="section-5" href="#section-5">5</a>. Motivation for bootstrapping</span>
<span class="h3"><a class="selflink" id="section-5.1" href="#section-5.1">5.1</a>. Addressing</span>
The default bootstrapping described in the Mobile IPv6 base
specification [<a href="./rfc3775" title=""Mobility Support in IPv6"">RFC3775</a>] has a tight binding to the home addresses and
home agent addresses.
In this section, we discuss the problems caused by the currently
tight binding to home addresses and home agent addresses.
<span class="h4"><a class="selflink" id="section-5.1.1" href="#section-5.1.1">5.1.1</a>. Dynamic Home Address Assignment</span>
Currently, the home agent uses the mobile node's home address for
authorization. When manual keying is used, this happens through the
<span class="grey">Patel & Giaretta Informational [Page 7]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-8" ></span>
<span class="grey"><a href="./rfc4640">RFC 4640</a> PS Bootstrapping Mobile IPv6 September 2006</span>
security policy database, which specifies that a certain security
association may only be used for a specific home address. When
dynamic keying is used, the home agent ensures that the IKE Phase 1
identity is authorized to request security associations for the given
home address. Mobile IPv6 uses IKEv1, which is unable to update the
security policy database according to a dynamically assigned home
address. As a result, static home address assignment is really the
only home address configuration technique compatible with the base
specification.
However, support for dynamic home address assignment would be
desirable for the following reasons:
Dynamic Host Configuration Protocol (DHCP)-based address assignment.
Some providers may want to use DHCPv6 or other dynamic address
assignment (e.g., IKEv2) from the home network to configure home
addresses.
Recovery from a duplicate address collision. It may be necessary to
recover from a collision of addresses on the home network by one of
the mobile nodes changing its home address.
Addressing privacy. It may be desirable to establish randomly
generated addresses as in [<a href="./rfc3041" title=""Privacy Extensions for Stateless Address Autoconfiguration in IPv6"">RFC3041</a>] and use them for a short period
of time. Unfortunately, current protocols make it possible to use
such addresses only from the visited network. As a result, these
addresses cannot be used for communications lasting longer than the
attachment to a particular visited network.
Ease of deployment. In order to simplify the deployment of Mobile
IPv6, it is desirable to free users and administrators from the task
of allocating home addresses and specifying them in the security
policy database. This is consistent with the general IPv6 design
goal of using autoconfiguration wherever possible.
Prefix changes in the home network. The Mobile IPv6 specification
contains support for a mobile node to autoconfigure a home address as
based on its discovery of prefix information on the home subnet
[<a href="./rfc3775" title=""Mobility Support in IPv6"">RFC3775</a>]. Autoconfiguration in case of network renumbering is done
by replacing the existing network prefix with the new network prefix.
Subsequently, the MN needs to update the mobility binding in the HA
to register the newly configured Home Address. However, the MN may
not be able to register the newly configured address with the HA if a
security association related to that reconfigured Home Address does
not exist in the MN and the HA. This situation is not handled in the
current MIPv6 specification [<a href="./rfc3775" title=""Mobility Support in IPv6"">RFC3775</a>].
<span class="grey">Patel & Giaretta Informational [Page 8]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-9" ></span>
<span class="grey"><a href="./rfc4640">RFC 4640</a> PS Bootstrapping Mobile IPv6 September 2006</span>
<span class="h4"><a class="selflink" id="section-5.1.2" href="#section-5.1.2">5.1.2</a>. Dynamic Home Agent Assignment</span>
Currently, the address of the home agent is specified in the security
policy database. Support for multiple home agents requires the
configuration of multiple security policy database entries.
However, support for dynamic home agent assignment would be desirable
for the following reasons:
Home agent discovery. The Mobile IPv6 specification contains support
for a mobile node to autoconfigure a home agent address as based on a
discovery protocol [<a href="./rfc3775" title=""Mobility Support in IPv6"">RFC3775</a>].
Independent network management. An MSP may want to assign home
agents dynamically in different subnets; for instance, not require
that a roaming mobile node have a fixed home subnet.
Local home agents. The mobile node's MSP may want to allow the
serving MSP to assign a local home agent for the mobile node. This
is useful from the point of view of communications efficiency and has
also been mentioned as one approach to support location privacy.
Ease of deployment. In order to simplify the deployment of Mobile
IPv6, it is desirable to free users and administrators from the task
of allocating home agent addresses in a static manner. Moreover, an
MSP may want to have a dynamic home agent assignment mechanism to
load balance users among home agents located on different links.
<span class="h4"><a class="selflink" id="section-5.1.3" href="#section-5.1.3">5.1.3</a>. "Opportunistic" or "Local" Discovery</span>
The home agent discovery protocol does not support an "opportunistic"
or local discovery mechanisms in an ASP's local access network. It
is expected that the mobile node must know the prefix of the home
subnet in order to be able to discover a home agent. It must either
obtain that information through prefix update or have it statically
configured. A more typical pattern for inter-domain service
discovery in the Internet is that the client (mobile node in this
case) knows the domain name of the service and uses DNS to find the
server in the visited domain. For local service discovery, DHCP is
typically used.
<span class="h4"><a class="selflink" id="section-5.1.4" href="#section-5.1.4">5.1.4</a>. Management Requirements</span>
As described earlier, new addresses invalidate configured security
policy databases and authorization tables. Regardless of the
specific protocols used, there is a need for either an automatic
system for updating the security policy entries or manual
configuration. These requirements apply to both home agents and
<span class="grey">Patel & Giaretta Informational [Page 9]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-10" ></span>
<span class="grey"><a href="./rfc4640">RFC 4640</a> PS Bootstrapping Mobile IPv6 September 2006</span>
mobile nodes, but it cannot be expected that mobile node users are
capable of performing the required tasks.
<span class="h3"><a class="selflink" id="section-5.2" href="#section-5.2">5.2</a>. Security Infrastructure</span>
<span class="h4"><a class="selflink" id="section-5.2.1" href="#section-5.2.1">5.2.1</a>. Integration with AAA Infrastructure</span>
The current IKEv1-based dynamic key exchange protocol, described in
[<a href="./rfc3776" title=""IAB and IESG Selection, Confirmation, and Recall Process: Operation of the Nominating and Recall Committees"">RFC3776</a>], has no integration with backend authentication,
authorization, and accounting techniques unless the authentication
credentials and trust relationships use certificates or pre-shared
secrets.
Certificates are not easily supported by traditional AAA
infrastructures. Where a traditional AAA infrastructure is used, the
home agent is not able to leverage authentication and authorization
information established between the mobile node, the foreign AAA
server, and the home AAA server. This would be desirable when the
mobile node gains access to the foreign network, in order to
authenticate the mobile node's identity and determine whether the
mobile node is authorized for mobility service.
The lack of connection to the AAA infrastructure also means that the
home agent does not know where to send accounting records at
appropriate times during the mobile node's session, as determined by
the business relationship between the MSP and the mobile node's
owner.
Presumably, some backend AAA protocol between the home agent and home
AAA could be utilized, but IKEv1 does not contain support for
exchanging full AAA credentials with the mobile node. It is
worthwhile to note that IKEv2 provides this feature.
<span class="h3"><a class="selflink" id="section-5.3" href="#section-5.3">5.3</a>. Topology Change</span>
<span class="h4"><a class="selflink" id="section-5.3.1" href="#section-5.3.1">5.3.1</a>. Dormant Mode Mobile Nodes</span>
The description of the protocol to push prefix information to mobile
nodes in <a href="./rfc3775#section-10.6">Section 10.6 of [RFC3775]</a> has an implicit assumption that
the mobile node is active and taking IP traffic. In fact, many, if
not most, mobile devices will be in a low power "dormant mode" to
save battery power, or will even be switched off, so they will miss
any propagation of prefix information. As a practical matter, if
this protocol is used, an MSP will need to keep the old prefix around
and handle any queries to the old home agent anycast address on the
old subnet, whereby the mobile node asks for a new home agent as
described in <a href="#section-11.4">Section 11.4</a>, until all mobile nodes are accounted for.
Even then, since some mobile nodes are likely to be turned off for
<span class="grey">Patel & Giaretta Informational [Page 10]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-11" ></span>
<span class="grey"><a href="./rfc4640">RFC 4640</a> PS Bootstrapping Mobile IPv6 September 2006</span>
long periods, some owners would need to be contacted by other means,
reducing the utility of the protocol.
Bootstrapping does not explicitly try to solve this problem of home
network renumbering when MN is in dormant mode. If the MN can
configure itself after it 'comes back on' by reinitiating the
bootstrapping process, then network renumbering problem is fixed as a
side effect.
<span class="h2"><a class="selflink" id="section-6" href="#section-6">6</a>. Network Access and Mobility Services</span>
This section defines some terms as they pertain to authentication and
practical network deployment/roaming scenarios. This description
lays the groundwork for <a href="#section-7">Section 7</a>. The focus is on the 'service'
model since, ultimately, it is the provider providing the service
that wants to authenticate the mobile (and vice versa for mutual
authentication between provider and the user of the service).
Network access service enables a host to send and receive IP packets
on the Internet or an intranet. IP address configuration and IP
packet forwarding capabilities are required to deliver this service.
A network operator providing this service is called an access service
provider (ASP). An ASP can, for example, be a commercial ASP, the IT
department of an enterprise network, or the maintainer of a home
(residential) network.
If the mobile node is not directly usable for communication at the
current location of the MN in which network access service is
provided by its home ASP, the mobile node is roaming. In this case,
the home ASP acts as the access service authorizer, but the actual
network access is provided by the serving network access provider.
During the authentication and authorization prior to the mobile nodes
having Internet access, the serving network access provider may
simply act as a routing agent for authentication and authorization
back to the access service authorizer, or it may require an
additional authentication and authorization step itself. An example
of a roaming situation is when a business person is using a hotspot
service in an airport and the hotspot service provider has a roaming
agreement with the business person's cellular provider. In that
case, the hotspot network is acting as the serving network access
provider, and the cellular network is acting as the access service
authorizer. When the business person moves from the hotspot network
to the cellular network, the cellular network is both the home access
service provider and the access service authorizer.
Mobility service using Mobile IPv6 is conceptually and possibly also
in practice separate from network access service, though of course
network access is required prior to providing mobility. Mobile IPv6
<span class="grey">Patel & Giaretta Informational [Page 11]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-12" ></span>
<span class="grey"><a href="./rfc4640">RFC 4640</a> PS Bootstrapping Mobile IPv6 September 2006</span>
service enables an IPv6 host to maintain its reachability despite
changing its network attachment point (subnets). A network operator
providing Mobile IPv6 service is called a mobility service provider
(MSP). Granting Mobile IPv6 service requires that a host
authenticate and prove authorization for the service. A network
operator that authenticates a mobile node and authorizes mobility
service is called a mobility service authorizer (MSA). If both types
of operation are performed by the same operator, that operator is
called a home mobility service provider. If authentication and
authorization is provided by one operator and the actual service is
provided by another, the operator providing the service is called the
serving mobility service provider. The serving MSP must contact the
mobile node's mobility service authorizer to check the mobile node's
authorization prior to granting mobility service.
The service model defined here clearly separates the entity providing
the service from the entity that authenticates and authorizes the
service. In the case of basic network access, this supports the
traditional and well-known roaming model, in which inter-operator
roaming agreements allow a host to obtain network access in areas
where their home network access provider does not have coverage. In
the case of mobility service, this allows a roaming mobile node to
obtain mobility service in the local operator's network while having
that service authorized by the home operator. The service model also
allows mobility service and network access service to be provided by
different entities. This allows a network operator with no wireless
access, such as, for example, an enterprise network operator, to
deploy a Mobile IPv6 home agent for mobility service while the actual
wireless network access is provided by the serving network access
providers with which the enterprise operator has a contract. Here
are some other possible combinations of ASPs and MSPs:
o The serving ASP might be the home ASP. Similarly, the serving MSP
might be the home MSP.
o The home ASP and the home MSP may be the same operator, or not.
When they are the same, the same set of credentials may be used
for both services.
o The serving ASP and the serving MSP may be the same operator, or
not.
o It is possible that serving ASP and home MSP are the same
operator.
Similarly the home ASP and serving MSP may be the same. Also, the
ASA and MSA may be the same.
<span class="grey">Patel & Giaretta Informational [Page 12]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-13" ></span>
<span class="grey"><a href="./rfc4640">RFC 4640</a> PS Bootstrapping Mobile IPv6 September 2006</span>
These entities and all combinations that are reasonable from a
deployment perspective must be taken into consideration to solve the
Mobile IPv6 bootstrapping problem. They impact home agent discovery,
home address configuration, and mobile node-to-home agent
authentication aspects.
<span class="h2"><a class="selflink" id="section-7" href="#section-7">7</a>. Deployment Scenarios</span>
This section describes the various network deployment scenarios. The
various combinations of service providers described in <a href="#section-6">Section 6</a> are
considered.
For each scenario, the underlying assumptions are described. The
basic assumption is that there is a trust relationship between mobile
user and the MSA. Typically, this trust relationship is between the
mobile user and AAA in the MSA's network. Seed information needed to
bootstrap the mobile node is considered in two cases:
o AAA authentication is mandatory for network access.
o AAA authentication is not part of network access.
The seed information is described further in <a href="#section-8">Section 8</a>.
<span class="h3"><a class="selflink" id="section-7.1" href="#section-7.1">7.1</a>. Mobility Service Subscription Scenario</span>
Many commercial deployments are based on the assumption that mobile
nodes have a subscription with a service provider. In this scenario
the MN has a subscription with an MSA, also called the home MSP, for
Mobile IPv6 service. As stated in <a href="#section-6">Section 6</a>, the MSP is responsible
for setting up a home agent on a subnet that acts as a Mobile IPv6
home link. As a consequence, the home MSP should explicitly
authorize and control the whole bootstrapping procedure.
Since the MN is assumed to have a pre-established trust relationship
with its home provider, it must be configured with an identity and
credentials; for instance, an NAI and a shared secret by some out-
of-band means (i.e., manual configuration) before bootstrapping.
In order to guarantee ubiquitous service, the MN should be able to
bootstrap MIPv6 operations with its home MSP from any possible access
location, such as an open network or a network managed by an ASP,
that may be different from the MSP and that may not have any pre-
established trust relationship with it.
<span class="grey">Patel & Giaretta Informational [Page 13]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-14" ></span>
<span class="grey"><a href="./rfc4640">RFC 4640</a> PS Bootstrapping Mobile IPv6 September 2006</span>
<span class="h3"><a class="selflink" id="section-7.2" href="#section-7.2">7.2</a>. Integrated ASP Network Scenario</span>
In this scenario, the ASA and MSA are the same entity. The MN has
security credentials for access to the network, and these credentials
can also be used to bootstrap MIPv6.
Figure 1 describes an AAA design example for integrated ASP scenario.
+----------------------------+
| IASP(ASA+MSA) |
+----+ +-----+ +----+ |
| MN |--- | NAS | | HA | |
+----+ +-----+ +----+ |
| \ \ |
| \ +------+ \ +-------+ |
| -|AAA-NA| -|AAA-MIP| |
| +------+ +-------+ |
+----------------------------+
NAS: Network Access Server
AAA-NA: AAA for network access
AAA-MIP: AAA for Mobile IP service
Figure 1. Integrated ASP network
<span class="h3"><a class="selflink" id="section-7.3" href="#section-7.3">7.3</a>. Third-Party MSP Scenario</span>
Mobility service has traditionally been provided by the same entity
that authenticates and authorizes the subscriber for network access.
This is certainly the only model supported by the base Mobile IPv6
specification.
In the third-party mobility service provider scenario, the
subscription for mobility service is made with one entity (the MSA,
is for instance, a corporate), but the actual mobility service is
provided by yet another entity (such as an operator specializing in
this service, the serving MSP). These two entities have a trust
relationship. Transitive trust among the mobile node and these two
entities may be used to assure the participants that they are dealing
with trustworthy peers.
This arrangement is similar to the visited - home operator roaming
arrangement for network access.
<span class="grey">Patel & Giaretta Informational [Page 14]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-15" ></span>
<span class="grey"><a href="./rfc4640">RFC 4640</a> PS Bootstrapping Mobile IPv6 September 2006</span>
Figure 2 describes an example of a network for the third-party MSP
scenario.
+--------------+ +--------+
| | |Serving |
| ASP | | MSP |
+----+ +-----+ | | +----+ |
| MN |--- | NAS | | | | HA | | +-------------------+
+----+ +-----+ |===| +----+ | | MSA |
| \ | | \ || (e.g., corporate NW)|
| \ +------+ | | \ | +-------+ |
| -|AAA-NA| | | -------|AAA-MIP| |
| +------+ | | | | +-------+ |
+------------ + +--------+ +-------------------+
Figure 2. Third-Party MSP network
<span class="h3"><a class="selflink" id="section-7.4" href="#section-7.4">7.4</a>. Infrastructure-less Scenario</span>
Infrastructure refers to network entities like AAA, Public-Key
Infrastructure (PKI), and Home Location Register (HLR).
"Infrastructure-less" implies that there is no dependency on any
elements in the network with which the user has any form of trust
relationship.
In such a scenario, there is absolutely no relationship between host
and infrastructure.
A good example of infrastructure-less environment for MIPv6
bootstrapping is the IETF network at IETF meetings. It is possible
that there could be MIP6 service available on this network (i.e., a
MIPv6 HA). However, there is not really any AAA infrastructure or,
for that matter, any trust relationship that a user attending the
meeting has with any entity in the network.
This specific scenario is not supported in this document. The reason
for this is described in <a href="#section-9">Section 9</a>.
<span class="h2"><a class="selflink" id="section-8" href="#section-8">8</a>. Parameters for Authentication</span>
The following is a list of parameters that are used as the seed for
the bootstrapping procedure. The parameters vary depending on
whether authentication for network access is independent of
authentication for mobility services. If different client identities
are used for network access and mobility services, authentication for
network access is independent of authentication for mobility
services.
<span class="grey">Patel & Giaretta Informational [Page 15]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-16" ></span>
<span class="grey"><a href="./rfc4640">RFC 4640</a> PS Bootstrapping Mobile IPv6 September 2006</span>
o Parameter Set 1
In this case, authentication for network access is independent of
authentication for mobility services.
If the home agent address is not known to the mobile node, the
following parameter is needed for discovering the home agent
address:
* The domain name or Fully Qualified Domain Name (FQDN) of the
home agent
This parameter may be derived in various ways, such as (but not
limited to) static configuration, use of the domain name from the
network access NAI (even if AAA for network access is not
otherwise used), or use of the domain name of the serving ASP,
where the domain name may be obtained via DHCP in the serving ASP.
If the home agent address is not known but the home subnet prefix
is known, Dynamic Home Agent Address Discovery of Mobile IPv6 may
be used for discovering the home agent address, and the above
parameter may not be used.
When the home agent address is known to the mobile node, the
following parameter is needed for performing mutual authentication
between the mobile node and the home agent by using IKE:
* IKE credentials (*)
In the case where the home agent does not have the entire set of
IKE credentials, the home agent may communicate with another
entity (for example, an AAA server) to perform mutual
authentication in IKE. In such a case, the IKE credentials
include the credentials used between the mobile node and the other
entity. In the case where an AAA protocol is used for the
communication between the home agent and the other entity during
the IKE procedure, AAA for Mobile IPv6 service may be involved in
IKE. If the authentication protocol [<a href="./rfc4285" title=""Authentication Protocol for Mobile IPv6"">RFC4285</a>] is used, the shared
key-based security association with the home agent is needed.
o Parameter Set 2
In this case, some dependency exists between authentication for
network access and authentication for mobility services in that a
security association that is established as a result of
authentication for network access is re-used for authentication
for mobility services.
<span class="grey">Patel & Giaretta Informational [Page 16]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-17" ></span>
<span class="grey"><a href="./rfc4640">RFC 4640</a> PS Bootstrapping Mobile IPv6 September 2006</span>
All required information, including IKE credentials, is
bootstrapped from the following parameter:
* Network access credentials(*)
(*) A pair of an NAI and a pre-shared secret is an example of a set
of credentials. A pair of an NAI and a public key, which may be
provided as a digital certificate, is another example of a set of
credentials.
<span class="h2"><a class="selflink" id="section-9" href="#section-9">9</a>. Security Considerations</span>
There are two aspects of security for the Mobile IPv6 bootstrapping
problem:
1. The security requirements imposed on the outcome of the
bootstrapping process by <a href="./rfc3775">RFC 3775</a> and other RFCs used by Mobile
IPv6 for security.
2. The security of the bootstrapping process itself, in the sense of
threats to the bootstrapping process imposed by active or passive
attackers.
Note that the two are related; if the bootstrapping process is
compromised, the level of security required by <a href="./rfc3775">RFC 3775</a> may not be
achieved.
The following two sections discuss these issues.
<span class="h3"><a class="selflink" id="section-9.1" href="#section-9.1">9.1</a>. Security Requirements of Mobile IPv6</span>
The Mobile IPv6 specification in <a href="./rfc3775">RFC 3775</a> requires the establishment
of a collection of IPsec SAs between the home agent and mobile node
to secure the signaling traffic for Mobile IP, and, optionally, also
to secure data traffic. The security of an IPsec SA required by the
relevant IPsec RFCs must be quite strong. Provisioning of keys and
other cryptographic material during the establishment of the SA
through bootstrapping must be done in a manner such that authenticity
is proved and confidentiality is ensured. In addition, the
generation of any keying material or other cryptographic material for
the SA must be done in a way such that the probability of compromise
after the SA is in place is minimized. The best way to minimize the
probability of such a compromise is to have the cryptographic
material only known or calculable by the two end nodes that share the
SA -- in this case, the home agent and mobile node. If other parties
are involved in establishing the SA (through key distribution, for
example) the process should follow the constraints designed to
provide equivalent security.
<span class="grey">Patel & Giaretta Informational [Page 17]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-18" ></span>
<span class="grey"><a href="./rfc4640">RFC 4640</a> PS Bootstrapping Mobile IPv6 September 2006</span>
<a href="./rfc3775">RFC 3775</a> also requires a trust relationship, as defined in <a href="#section-1.3">Section</a>
<a href="#section-1.3">1.3</a>, between the mobile node and its home agent(s). This is
necessary, for instance, to ensure that fraudulent mobile nodes that
attempt to flood other mobile nodes with traffic be not only shut off
but tracked down. An infrastructureless relationship as defined in
<a href="#section-1.3">Section 1.3</a> does not satisfy this requirement. Any bootstrapping
solution must include a trust relationship between mobile node and
mobility service provider. Solutions that depend on an
infrastructureless relationship are out of scope for bootstrapping.
Another requirement is that a home address be authorized to one
specific host at a time. <a href="./rfc3775">RFC 3775</a> requires this so that misbehaving
mobile nodes can be shut down. This implies that, in addition to the
IPsec SA, the home agent must somehow authorize the mobile node for a
home address. The authorization can be either implicit (for example,
as a side effect of the authentication for mobility service) or
explicit. The authorization can either be done at the time the SA is
created or be dynamically managed through a first come, first served
allocation policy.
<span class="h3"><a class="selflink" id="section-9.2" href="#section-9.2">9.2</a>. Threats to the Bootstrapping Process</span>
Various attacks are possible on the bootstrapping process itself.
These attacks can compromise the process such that the <a href="./rfc3775">RFC 3775</a>
requirements for Mobile IP security are not met, or they can serve
simply to disrupt the process such that bootstrapping cannot be
completed. Here are some possible attacks:
o An attacking network entity purporting to offer the mobile node a
legitimate home agent address or bootstrapping for the IPsec SAs
may instead offer a bogus home agent address or configure bogus
SAs that allow the home agent to steal the mobile node's traffic
or otherwise disrupt the mobile node's mobility service.
o An attacking mobile node may attempt to steal mobility service by
offering up fake credentials to a bootstrapping network entity or
otherwise disrupting the home agent's ability to offer mobility
service.
o A man in the middle on the link between the mobile node and the
bootstrapping network entity could steal credentials or other
sensitive information and use that to steal mobility service or
deny it to the legitimate owner of the credentials. Refer to
<a href="./rfc3748#section-7.15">Section 7.15 in [RFC3748]</a> and [<a href="#ref-AAA-EAP-LLA" title=""EAP lower layer attributes for AAA protocols"">AAA-EAP-LLA</a>] for further
information.
<span class="grey">Patel & Giaretta Informational [Page 18]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-19" ></span>
<span class="grey"><a href="./rfc4640">RFC 4640</a> PS Bootstrapping Mobile IPv6 September 2006</span>
o An attacker could arrange for a distributed denial-of-service
attack on the bootstrapping entity, to disrupt legitimate users
from bootstrapping.
In addition to these attacks, there are other considerations that are
important in achieving a good security design. As mobility and
network access authentication are separate services, keys generated
for these services need to be cryptographically separate, to be
separately named, and to have separate lifetimes. This needs to be
achieved even though the keys are generated from the same
authentication credentials. This is necessary because a mobile node
must be able to move from one serving (or roaming) network access
provider to another without needing to change its mobility access
provider. Finally, basic cryptographic processes must provide for
multiple algorithms in order to accommodate the widely varying
deployment needs; the need for replacement of algorithms when attacks
become possible must also be considered in the design.
<span class="h2"><a class="selflink" id="section-10" href="#section-10">10</a>. Contributors</span>
This contribution is a joint effort of the problem statement design
team of the Mobile IPv6 WG. The contributors include Basavaraj
Patil, Gerardo Giaretta, Jari Arkko, James Kempf, Yoshihiro Ohba,
Ryuji Wakikawa, Hiroyuki Ohnishi, Mayumi Yanagiya Samita Chakrabarti,
Gopal Dommety, Kent Leung, Alper Yegin, Hannes Tschofenig, Vijay
Devarapalli, and Kuntal Chowdury.
The design team members can be reached at the following email
addresses:
Basavaraj Patil: basavaraj.patil@nokia.com
Gerardo Giaretta: gerardo.giaretta@telecomitalia.it
Jari Arkko: jari.arkko@kolumbus.fi
James Kempf: kempf@docomolabs-usa.com
Yoshihiro Ohba: yohba@tari.toshiba.com
Ryuji Wakikawa: ryuji@sfc.wide.ad.jp
Hiroyuki Ohnishi: ohnishi.hiroyuki@lab.ntt.co.jp
Mayumi Yanagiya: yanagiya.mayumi@lab.ntt.co.jp
Samita Chakrabarti: Samita.Chakrabarti@eng.sun.com
<span class="grey">Patel & Giaretta Informational [Page 19]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-20" ></span>
<span class="grey"><a href="./rfc4640">RFC 4640</a> PS Bootstrapping Mobile IPv6 September 2006</span>
Gopal Dommety: gdommety@cisco.com
Kent Leung: kleung@cisco.com
Alper Yegin: alper.yegin@samsung.com
Hannes Tschofenig: hannes.tschofenig@siemens.com
Vijay Devarapalli: vijayd@iprg.nokia.com
Kuntal Chowdhury: kchowdhury@starentnetworks.com
<span class="h2"><a class="selflink" id="section-11" href="#section-11">11</a>. Acknowledgements</span>
Special thanks to James Kempf and Jari Arkko for writing the initial
version of the bootstrapping statement. Thanks to John Loughney and
T.J. Kniveton for their detailed reviews.
<span class="h2"><a class="selflink" id="section-12" href="#section-12">12</a>. Informative References</span>
[<a id="ref-RFC3748">RFC3748</a>] Aboba, B., Blunk, L., Vollbrecht, J., Carlson, J., and
H. Levkowetz, "Extensible Authentication Protocol
(EAP)", <a href="./rfc3748">RFC 3748</a>, June 2004.
[<a id="ref-AAA-EAP-LLA">AAA-EAP-LLA</a>] Mariblanca, D., "EAP lower layer attributes for AAA
protocols", Work in Progress, May 2004.
[<a id="ref-RFC2794">RFC2794</a>] Calhoun, P. and C. Perkins, "Mobile IP Network Access
Identifier Extension for IPv4", <a href="./rfc2794">RFC 2794</a>, March 2000.
[<a id="ref-RFC3041">RFC3041</a>] Narten, T. and R. Draves, "Privacy Extensions for
Stateless Address Autoconfiguration in IPv6", <a href="./rfc3041">RFC 3041</a>,
January 2001.
[<a id="ref-RFC3753">RFC3753</a>] Manner, J. and M. Kojo, "Mobility Related Terminology",
<a href="./rfc3753">RFC 3753</a>, June 2004.
[<a id="ref-RFC3775">RFC3775</a>] Johnson, D., Perkins, C., and J. Arkko, "Mobility
Support in IPv6", <a href="./rfc3775">RFC 3775</a>, June 2004.
[<a id="ref-RFC3776">RFC3776</a>] Galvin, J., "IAB and IESG Selection, Confirmation, and
Recall Process: Operation of the Nominating and Recall
Committees", <a href="https://www.rfc-editor.org/bcp/bcp10">BCP 10</a>, <a href="./rfc3777">RFC 3777</a>, June 2004.
[<a id="ref-RFC4283">RFC4283</a>] Patel, A., Leung, K., Khalil, M., Akhtar, H., and K.
Chowdhury, "Mobile Node Identifier Option for Mobile
IPv6 (MIPv6)", <a href="./rfc4283">RFC 4283</a>, November 2005.
<span class="grey">Patel & Giaretta Informational [Page 20]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-21" ></span>
<span class="grey"><a href="./rfc4640">RFC 4640</a> PS Bootstrapping Mobile IPv6 September 2006</span>
[<a id="ref-RFC4285">RFC4285</a>] Patel, A., Leung, K., Khalil, M., Akhtar, H., and K.
Chowdhury, "Authentication Protocol for Mobile IPv6",
<a href="./rfc4285">RFC 4285</a>, January 2006.
Authors' Addresses
Alpesh Patel
Cisco
170 W. Tasman Drive
San Jose, CA 95134
USA
Phone: +1 408 853 9580
EMail: alpesh@cisco.com
Gerardo Giaretta
Telecom Italia
via Reiss Romoli 274
Torino 10148
Italy
Phone: +39 011 228 6904
EMail: gerardo.giaretta@telecomitalia.it
<span class="grey">Patel & Giaretta Informational [Page 21]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-22" ></span>
<span class="grey"><a href="./rfc4640">RFC 4640</a> PS Bootstrapping Mobile IPv6 September 2006</span>
Full Copyright Statement
Copyright (C) The Internet Society (2006).
This document is subject to the rights, licenses and restrictions
contained in <a href="https://www.rfc-editor.org/bcp/bcp78">BCP 78</a>, and except as set forth therein, the authors
retain all their rights.
This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Intellectual Property
The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed to
pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights
might or might not be available; nor does it represent that it has
made any independent effort to identify any such rights. Information
on the procedures with respect to rights in RFC documents can be
found in <a href="https://www.rfc-editor.org/bcp/bcp78">BCP 78</a> and <a href="https://www.rfc-editor.org/bcp/bcp79">BCP 79</a>.
Copies of IPR disclosures made to the IETF Secretariat and any
assurances of licenses to be made available, or the result of an
attempt made to obtain a general license or permission for the use of
such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository at
<a href="http://www.ietf.org/ipr">http://www.ietf.org/ipr</a>.
The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary
rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF at
ietf-ipr@ietf.org.
Acknowledgement
Funding for the RFC Editor function is provided by the IETF
Administrative Support Activity (IASA).
Patel & Giaretta Informational [Page 22]
</pre>
|
