Vijay,

On 3/4/10 3:26 PM, "ext Devarapalli, Vijay" <vi...@wichorus.com> wrote:

> Anybody for transporting EAP over MIPv6 messages? We could define a new EAP
> transport mobility header message and use a key from the EAP exchange with
> the MN-HA authentication option. :)

If you go down the path of attempting to define MIP6 as a transport for EAP
messages, you will face the question of why not use PANA instead? Hence I do
not want to even broach this subject or suggest such an approach.

IMO it is better to separate the user authentication and key exchange from
the MIP6 signaling itself. As long as the MN and HA are able to obtain
session keys securely, MIP6 signaling can be secured with the same.

-Raj


> 
> On 3/3/10 7:55 AM, "basavaraj.pa...@nokia.com" <basavaraj.pa...@nokia.com>
> wrote:
> 
>> While there are many reasons that can be attributed to the lack of
>> implementations and use, one that I would like to raise is the
>> concern with the overly complex security model that MIP6/DSMIP6 relies
>> on today. MIP6/DSMIP6 requires IPsec and IKE/IKEv2 (RFC3776/4877) to
>> secure the signaling between the MN and HA. The fundamental purpose of
>> MIP6/DSMIP6 is to provide mobility to hosts. At a very high level the
>> MIP6/DSMIP6 protocol boils down to the ability to set up a tunnel
>> between the MN and HA and update the MN tunnel end-point whenever
>> there is a change in the associated IP address (CoA). The signaling to
>> establish the tunnel needs to be secure. But using a protocol like
>> IKEv2 and IPsec to achieve this security is just an overkill.
> 
> Well, it has its advantages too. Being able to connect to the home agent
> from an unsecure WiFi access is one of them.
> 
> Vijay

_______________________________________________
Int-area mailing list
Int-area@ietf.org
https://www.ietf.org/mailman/listinfo/int-area
