The IESG returned the Mobile IPv6 (MIPv6) draft to the working group due to concerns about the security and scalability of binding updates (BUs) sent to correspondent nodes and the associated IPsec processing that is specified in the draft. Since that time discussions have continued to attempt to define what is really needed to make binding updates secure while taking into consideration the aspect of scalability as well as the fact that IPsec may not be the most suitable security mechanism for securing BUs between MNs and CNs. In Multi-Author [Page i] INTERNET-DRAFT Security for MIPv6 05 Nov. 2001 the course of discussing the requirements it became apparent that a threat model is needed in order to adequately specify the security requirements. Mobile IPv6 mandates that all binding updates be authenticated. The current approach taken to securing these BUs is via the use of IPsec. This approach for securing BUs has various problems, one of which is scalability. The I-D from a specification perspective does not have security vulnerabilities, but as specified, has serious limitations in its capability to be deployed on an Internet wide basis. The purpose of this I-D is to identify the scenarios and threats that Mobile IPv6 can possibly bring to the Internet. From these scenarios and threats are derived a set of requirements that Mobile IPv6 needs to address as part of the specification. Multi-Author [Page ii] INTERNET-DRAFT Security for MIPv6 05 Nov. 2001