All, We are trying to have a discussion in Montreal on the problem of IP address authorization and how this relates to proxy neighbor discovery and IP mobility protocols, in the context of AAA-based systems. SEND solves the problem on the local link that a node resides in. However, IP mobility protocols like Mobile IP and NETLMM require an entity (e.g., Home Agent) to defend the IP address of a node in proxy mode. There is also the issue in NETLMM that when an AR needs to perform mobility for a given node, it must have a means of authorizing the IP address of the node before it does that. Protocols like FMIPv6 require address authorization prior to binding a key for a given MN with its CoA. CGAs don't really solve the problem in such cases. In AAA-based systems, we can achieve this type of IP address authorization using addresses generated with symmetric keys.
Towards such an approach, we have an initial draft on Symmetric-key Based Addresses (http://www.ietf.org/internet-drafts/draft-narayanan-pba-01.txt). The draft does not provide the complete solution or architecture, but is seen as a starting point for discussion. We are hoping to have a discussion in the INT area meeting on this topic. However, it may turn out due to lack of time at that meeting that we end up having this presentation and discussion at the MIPSHOP meeting. A pointer to an early version of the slides can be found at http://www.geocities.com/hellovidya/SBA_IETF-66.pdf. We invite reviews and thoughts on the problem space - our goal is to get a discussion on the problems and guage interest in solving this. Thanks, Vidya _______________________________________________ Int-area mailing list [email protected] https://www1.ietf.org/mailman/listinfo/int-area
