Editor's Note:  These minutes have not been edited.



                 38th IETF Meeting Minutes (Memphis)
                       Reported by Frank Ciotti
                       (edited by Jim Solomon)

I) Mobile IPv4 -- 4/7/97 0930

 1. Dave Johnson reminded everyone about MobiCom '97
    Sept 26-30  Budapest, Hungary

 2. Jim Solomon -- PPP IPCP Mobile IP Option draft
    <draft-ietf-pppext-ipcp-mip-00.txt> 

     Main benefits:
       1. Allows FAs to be deployed that have no means of assigning
          unique addresses to MNs.
       2. Less wasteful of IP address space: no unique IP address is
          assigned to an MN unless one is required.

     Issues:
      - Co-located COA assignment mechanism might be redundant with
        the IP-Address option semantics.  Jim and Steve to
        investigate whether the IP-Address option can be used instead.
    
     Jim to present to PPPEXT working group and to move the draft
     forward.
    
 3. Jim Solomon on behalf of Gabriel Montenegro -- Reverse Tunneling
    draft <draft-ietf-mobileip-tunnel-reverse-01.txt>

    Issues:
      - MN *MUST* use the FA as its ONLY router, not simply as its
        default router.
      - Major security hole with reverse tunneling: Bad Guy can
        conspire to get an FA to reverse tunnel the packets generated
        by a Good Guy to a bogus location [possibly causing a routing
        loop -- ed.]  Gabriel to address security concerns before this
        document moves forward.
      - Things to clarify in the draft:
        + Why use 16 bits for a 1-bit field in the Delivery Style
          Extension?  Why not just use a "boolean" extension?
        + Should the Registration Reply contain a list of the types of
          encapsulation supported (IP-in-IP vs. minimal encapsulation
          vs. GRE)?
        + If the MN is a router and is forwarding pkts, the MN should
          encapsulate the datagrams itself before sending them to the FA.
        + The draft states that the HA should only accept reverse
          tunneled packets from the MN's COA.  This is incompatible
          with generic IP in IP encapsulation (e.g., tunnels unrelated
          to mobility) and provides no security since the COA can be
          spoofed anyway.

    Chairs expressed concern that, despite numerous requests, these
    issues had not been brought up on the mailing list before the
    meeting.
    
 4. Vipul Gupta -- Firewall Traversal draft
    <draft-ietf-mobileip-firewall-trav-00.txt> 
    
    Goals: Enable use of Mobile IP in the presence of multiple IPSEC
           firewalls & private addresses.
    
    Issues:
      - MTU can go to zero if there are large numbers of firewalls but
        usually there will only be one or two.
      - In future, all ESP transforms will have authentication too.
      - We should keep the requirement that the FW is not necessarily
        the HA and vice-versa.        
      - IPv6 provides site-local addresses which perpetuates the
        "private address" problem.  We should not drop "private
        addresses" as a requirement.
      - MIP is really the first "consumer" of IPSEC services, and IPSEC
        doesn't really address policy concerns, which is why all of
        these issues are coming up.
      - The AFT working group is wrestling with internal nodes getting
        out through the firewall -- not external (authorized) nodes
        getting inside the firewall.

    Open Issues:
      - How does the MN discover all firewalls?
      - How does the MN detect that it is "inside" versus "outside" the
        firewalls?
    
    CONCLUSION: we need to continue this exercise to see what develops
    in terms of requirements, particularly with regard to policy, for
    MNs, HAs, and firewalls.  Whether the MOBILEIP working group goes
    beyond this, by specifying packet formats and message sequences,
    is unclear.  This latter activity might be performed by the IPSEC
    group.  The chairs have requested help from the Security Area to
    assist in the firewall-traversal effort.

 5. Steve Glass -- FTP Software Interoperability Testathon Results

     - 18 attendees
     - 10 implementations (6 corporations, 4 universities)
     - 4 days of testing (lost 1 day due to Winter storm)
     - 14 HAs, 13 FAs, 10 MNs
     - co-located COAs obtained by manual configuration
     - 'R' bit tested with co-located MNs
     - reverse tunneling demonstrated
     - Jim Solomon and Frank Kastenholz put together a list of issues
       and will post them to the mailing list.
     - Steve Glass will post more detailed results to the mailing
       list.

    To get to draft standard we need:    
     - Significant campus type deployment experience (at least "a
       few" campuses with "many" people actually using MIP).
     - Traversal over public network required.

II) Mobile IPv6 -- 4/8/97 1300

 Dave Johnson -- Mobility Support in IPv6
 <draft-ietf-mobileip-ipv6-02.txt>

 Issues:

 1. Dynamic HA address discovery
    - no directed broadcasts in IPv6;
    - IPng wg does not like the multicast-in-anycast tunnel
      discussed in San Jose because of denial-of-service attack;
    - IPng wg prefers a change which requires *all* IPv6 routers
      to recognize a "HA Discovery Anycast Packet" and emit it
      as an all-nodes multicast on home link.
    - Authentication isn't an issue because all HAs *reject* this
      anyway, which, by definition, means they don't modify their
      behavior as a result.
    - Is this an ICMP?  Destination Option?  UDP?  Other?
      + Use of ICMP for the HA Discovery packet would make it easy for
        routers to process since they must already implement
        support for ICMP.

 2. How will a MN find an HA on its home network if its home
    network is renumbered while it is away?  The general consensus
    here was that this was an administrative issue since the Home
    Address configured in the MN itself will also need to be
    modified at the time the Home Network is renumbered.

 3. Replay protection for Binding Updates

    - We cannot use replay protection provided by IPSEC because
      Binding Updates *must* be applied *only* in order.
    - Choices:
      a. Do our own replay protection.
      b. Convince IPSEC wg to modify their replay protection 
         to allow us to select an in-order option.
      c. Use IPSEC replay prot *and* our own sequence number.
      The best choice seems to be (c):
       + Lets IPSEC worry about re-keying before wrap around.
       + Lets us worry only about sequencing.
       + Similar to TCP seq # when using IPSEC replay protection.
      Most people agreed with this choice.
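 The reason choice (c) keeps its own sequence number, shown as an added
 example that is not part of these minutes or of any Mobile IPv6
 implementation: an IPsec-style sliding anti-replay window rejects
 duplicates and very old packets but still accepts a packet that arrives
 late and unseen, and a Binding Update applied out of order would
 overwrite a newer care-of address with a stale one. The window width,
 the class and field names, and the sample update sequence below are all
 assumptions made for this illustration.

```python
"""Added example, not from the minutes: in-order Binding Update acceptance
layered on an IPsec-style anti-replay window (choice (c) above).
All names, the window width and the sample data are assumptions."""
from dataclasses import dataclass, field

WINDOW = 8  # assumed anti-replay window width (illustrative, not normative)


@dataclass
class AntiReplayWindow:
    """Sliding window in the style of IPsec anti-replay: duplicates and
    very old packets are dropped, late but unseen packets are accepted."""
    highest: int = -1
    seen: set = field(default_factory=set)

    def accept(self, seq: int) -> bool:
        if seq > self.highest:
            self.highest = seq
            self.seen.add(seq)
            # forget sequence numbers that fell below the window
            self.seen = {s for s in self.seen if s > self.highest - WINDOW}
            return True
        if seq <= self.highest - WINDOW or seq in self.seen:
            return False          # too old, or a replay
        self.seen.add(seq)        # late but unseen: the window lets it through
        return True


@dataclass
class BindingCacheEntry:
    """Correspondent's cache entry for one mobile node's home address."""
    home_addr: str
    care_of: str = ""
    last_seq: int = -1

    def apply(self, seq: int, care_of: str) -> bool:
        """Apply a Binding Update only if it is newer than the last one."""
        if seq <= self.last_seq:
            return False          # stale or replayed update: keep current binding
        self.last_seq = seq
        self.care_of = care_of
        return True


# Constructed sample: three updates from one MN; the second one is delayed
# in transit and arrives after the third.
SAMPLE_UPDATES = [(1, "coa-A"), (3, "coa-C"), (2, "coa-B")]


def apply_with_window_only(updates):
    """Anti-replay window alone, then apply whatever passes (the flaw)."""
    win = AntiReplayWindow()
    entry = BindingCacheEntry(home_addr="mn-home")
    for seq, coa in updates:
        if win.accept(seq):
            entry.care_of = coa   # no ordering check: the stale update wins
    return entry.care_of


def apply_with_sequence_check(updates):
    """Anti-replay window plus the cache's own in-order check."""
    win = AntiReplayWindow()
    entry = BindingCacheEntry(home_addr="mn-home")
    accepted = []
    for seq, coa in updates:
        if win.accept(seq) and entry.apply(seq, coa):
            accepted.append(seq)
    return entry.care_of, accepted


if __name__ == "__main__":
    print("window only    ->", apply_with_window_only(SAMPLE_UPDATES))
    print("with seq check ->", apply_with_sequence_check(SAMPLE_UPDATES))
```

 With the window alone the delayed update 2 is accepted and the cache ends
 up pointing at the old care-of address; with the in-order check it is
 dropped and the binding stays at the newest address. The window still
 earns its keep by stopping exact replays and by leaving re-keying before
 sequence wrap-around to IPsec, which is the division of labor the minutes
 describe.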

 4. Multiple Routers on the Foreign Network

    Issues:
     - MN can really only do neighbor unreachability detection with
       its default router

    Solutions:
     - Route packet to specific router:
       + Use a routing header to first go to the correct rtr, then to
         the COA.
       + somewhat reintroduces the concept of FAs.
     - Fix the problem outside of Mobile IP:
       + This is a wireless problem, not a Mobile IP problem.
       + Most likely a problem together w/mip, though.

    Consensus:  This is a wireless problem that needs to be fixed but
    not in the Mobile IP working group.  Also, if this is an issue,
    don't architect the system such that transceivers on the *same*
    subnet have coverage overlap (i.e., make them separate links).

 5. Movement Detection Timing

    Proposal: Add a field (e.g., a Nominal Advertisement Interval
    field) that lets MN know *exactly* how often the router is
    advertising such that the MN can know *exactly* when it has missed
    one.

    There were some concerns, but overall feeling was to submit the
    proposal to the IPng working group.

 6. Other issues

    a. PROBLEM: If router B does not support sending a Binding Update
       to router A after the MN moves from A to B, packets may be
       dropped.

       SOLUTION: The spec should be changed to say the lifetime of the
       Binding Update MUST (not SHOULD) be <= the registration
       lifetime.

    b. PROBLEM:  Ingress filtering might prevent the MN from sending a
       packet with source address = home address.

       PROPOSAL: Both the MN and the CH use the care-of address
       instead of the MN's home address.  The MN also sends a routing
       header to the CH to indicate the route back to the MN's home
       address.  If the CH ever loses the routing information (e.g.,
       power loss), the CH will send the packet to the care-of address,
       not the home address.  The MN can detect that it received the
       packet via its care-of address, not its home address, and send
       a routing header to the CH.

       Continue discussion on mailing list.