RFC 3012 (rfc3012) - Page 2 of 17


Mobile IPv4 Challenge/Response Extensions






RFC 3012             Mobile IPv4 Challenge/Response        November 2000


Table of Contents

    1. Introduction . . . . . . . . . . . . . . . . . . . . . . . .  2
    2. Mobile IP Agent Advertisement Challenge Extension  . . . . .  3
    3. Operation  . . . . . . . . . . . . . . . . . . . . . . . . .  3
        3.1. Mobile Node Processing for Registration Requests . . .  3
        3.2. Foreign Agent Processing for Registration Requests . .  5
        3.3. Foreign Agent Processing for Registration Replies  . .  7
        3.4. Home Agent Processing for the Challenge Extensions . .  7
    4. MN-FA Challenge Extension  . . . . . . . . . . . . . . . . .  7
    5. Generalized Mobile IP Authentication Extension . . . . . . .  8
    6. MN-AAA Authentication subtype. . . . . . . . . . . . . . . .  9
    7. Reserved SPIs for Mobile IP. . . . . . . . . . . . . . . . .  9
    8. SPI For RADIUS AAA Servers . . . . . . . . . . . . . . . . . 10
    9. Configurable Parameters. . . . . . . . . . . . . . . . . . . 10
   10. Error Values . . . . . . . . . . . . . . . . . . . . . . . . 10
   11. IANA Considerations  . . . . . . . . . . . . . . . . . . . . 11
   12. Security Considerations  . . . . . . . . . . . . . . . . . . 12
   13. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 12
   References . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
    A. Verification Infrastructure  . . . . . . . . . . . . . . . . 14
   Addresses  . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
   Full Copyright Statement . . . . . . . . . . . . . . . . . . . . 17

1. Introduction

   Mobile IP, as originally specified, defines an authentication
   extension (the Mobile-Foreign Authentication extension) by which a
   mobile node can authenticate itself to a foreign agent.

   Unfortunately, this extension does not provide ironclad replay
   protection, from the point of view of the foreign agent, and does not
   allow for the use of existing techniques (such as CHAP [12]) for
   authenticating portable computer devices.  In this specification, we
   define extensions for the Mobile IP Agent Advertisements and the
   Registration Request that allow a foreign agent to use a
   challenge/response mechanism to authenticate the mobile node.

   All SPI values defined in this document refer to values for the
   Security Parameter Index, as defined in RFC 2002 [8].  The key words
   "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD",
   "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document
   are to be interpreted as described in [1].








Perkins & Calhoun           Standards Track