RFC 3012 (rfc3012) - Page 2 of 17
Mobile IPv4 Challenge/Response Extensions
Alternative Format: Original Text Document
RFC 3012 Mobile IPv4 Challenge/Response November 2000
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Mobile IP Agent Advertisement Challenge Extension . . . . . 3
3. Operation . . . . . . . . . . . . . . . . . . . . . . . . . 3
3.1. Mobile Node Processing for Registration Requests . . . 3
3.2. Foreign Agent Processing for Registration Requests . . 5
3.3. Foreign Agent Processing for Registration Replies . . 7
3.4. Home Agent Processing for the Challenge Extensions . . 7
4. MN-FA Challenge Extension . . . . . . . . . . . . . . . . . 7
5. Generalized Mobile IP Authentication Extension . . . . . . . 8
6. MN-AAA Authentication subtype. . . . . . . . . . . . . . . . 9
7. Reserved SPIs for Mobile IP. . . . . . . . . . . . . . . . . 9
8. SPI For RADIUS AAA Servers . . . . . . . . . . . . . . . . . 10
9. Configurable Parameters. . . . . . . . . . . . . . . . . . . 10
10. Error Values . . . . . . . . . . . . . . . . .. . . . . . . 10
11. IANA Considerations . . . . . . . . . . . . . . . . . . . . 11
12. Security Considerations . . . . . . . . . . . . . . . . . . 12
13. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 12
References . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
A. Verification Infrastructure . . . . . . . . . . . . . . . . 14
Addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Full Copyright Statement . . . . . . . . . . . . . . . . . . . . 17
1. Introduction
Mobile IP, as originally specified, defines an authentication
extension (the Mobile-Foreign Authentication extension) by which a
mobile node can authenticate itself to a foreign agent.
Unfortunately, this extension does not provide ironclad replay
protection, from the point of view of the foreign agent, and does not
allow for the use of existing techniques (such as CHAP [12]) for
authenticating portable computer devices. In this specification, we
define extensions for the Mobile IP Agent Advertisements and the
Registration Request that allow a foreign agent to a use
challenge/response mechanism to authenticate the mobile node.
All SPI values defined in this document refer to values for the
Security Parameter Index, as defined in RFC 2002 [8]. The key words
"MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD",
"SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document
are to be interpreted as described in [1].
Perkins & Calhoun Standards Track