-- S7.2, paragraph 2: "Since some mobility entities, e.g., local
mobility anchor and mobile access gateway, are allowed to receive
and possibly send a Binding Revocation Indication or Binding
Revocation Acknowledgement for different cases, therefore, if IPsec
is used to secure signaling between the local mobility anchor and
mobile access gateway, it prevents any of them from processing a
Binding Revocation message that was not constructed by an
authorized party."
I have trouble parsing this sentence.
(You did not respond to this one.)
[Ahmad]
We basically wanted to say that since the MAG and LMA are both allowed
to send BRI and receive BRA, IPsec will enable the peer to detect if a
man in the middle, for example, reflected a BRI message that it has
initiated back to the peer and consequently silently drop that BRI
message. In the broader sense, we wanted to say that IPsec enables any
of the peers to detect if the received BRI is coming from an
unauthorized party and consequently ignore without processing it.
I hope we got it right:)
I think if you replace the ".. allowed to receive and possibly send a
Binding Revocation Indication or Binding Revocation Acknowledgement
for different cases" with "...allowed to send BRI and receive BRA", it
would be easier to read.
[Ahmad]
Sure, makes sense.
Thanks again for all the comments.
Hopefully will get a new revision before the end of the week.
Regards,
Ahmad
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf