Mobile IPv4 Challenge/Response Extensions (RFC3012)

IP.com Disclosure Number: IPCOM000005204D
Original Publication Date: 2000-Nov-01
Included in the Prior Art Database: 2001-Aug-17
Document File: 18 page(s) / 37K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

C. Perkins: AUTHOR [+2]

Abstract

Mobile IP, as originally specified, defines an authentication extension (the Mobile-Foreign Authentication extension) by which a mobile node can authenticate itself to a foreign agent. Unfortunately, this extension does not provide ironclad replay protection for the foreign agent, and does not allow for the use of existing techniques (such as CHAP) for authenticating portable computer devices. In this specification, we define extensions for the Mobile IP Agent Advertisements and the Registration Request that allow a foreign agent to use a challenge/response mechanism to authenticate the mobile node.

This text was extracted from an ASCII Text document.
This is the abbreviated version, containing approximately 9% of the total text.

Network Working Group                                         C. Perkins
Request for Comments: 3012                         Nokia Research Center
Category: Standards Track                                     P. Calhoun
                                           Sun Microsystems Laboratories
                                                           November 2000

Mobile IPv4 Challenge/Response Extensions

Status of this Memo

This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (2000). All Rights Reserved.

Table of Contents

1. Introduction
2. Mobile IP Agent Advertisement Challenge Extension
3. Operation
   3.1. Mobile Node Processing for Registration Requests
   3.2. Foreign Agent Processing for Registration Requests
   3.3. Foreign Agent Processing for Registration Replies
   3.4. Home Agent Processing for the Challenge Extensions
4. MN-FA Challenge Extension
5. Generalized Mobile IP Authentication Extension
6. MN-AAA Authentication subtype
7. Reserved SPIs for Mobile IP
8. SPI For RADIUS AAA Servers
9. Configurable Parameters
10. Error Values
11. IANA Considerations
12. Security Considerations
13. Acknowledgements
References
A. Verification Infrastructure
Addresses
Full Copyright Statement

1. Introduction

Mobile IP, as originally specified, defines an authentication extension (the Mobile-Foreign Authentication extension) by which a mobile node can authenticate itself to a foreign agent.

Unfortunately, this extension does not provide ironclad replay prote...