Thanks for your review, Patrick!
Comments inline:
I expect that the biggest risk of telling a mobile agent to use a new home
agent
is the threat of impersonation, i.e., moving home agents so as to insert a
woman-in-the-middle.
The document doesn't talk about this at all, only mentioning in the security
considerations that
a change agent command should be authenticated.
Yes. But the protocols used between mobile nodes and home agents
require authentication and authorization of both sides to act in their
roles. This applies even with the new home agent.
Perhaps a statement about this for the security considerations
section would be appropriate.
General Comments:
- There are a bunch of places where something is defined/identified with no
obvious explanation.
For example, "section 7. Protocol Considerations", defines two timeout
values. I wonder how they
came up with the values?
Good question -- though I would expect any number to be
merely guidance that may get changed with implementation
and usage experience.
- The IANA considerations may need a note to point that when the requested
value is assigned, the
multiple TBDs in the text will need to change. Just as a reminder.
This is usually taken care of by the RFC Editor and IANA.
For ensuring that IANA actually does catch them, using
a string such as "TBD by IANA" is recommended, however.
Jari
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf