Apparently none of the four cases I gave you describes the phone sitting on the Internet. In ERP, we allow two cases. If there is no local ER server in the visited network, the peer should communicate directly with the home ER server through an ER-capable authenticator.
However, if there is a local ER server in the visited network, we allow the peer to initiate a normal EAP exchange with the home EAP server in the home network first. In the meantime, the local ER server in the path between the peer and the home EAP server asks for keying materials. In the subsequent procedure, the peer can communicate locally with the local ER server.

Regards!
-Qin

----- Original Message -----
From: "Yoav Nir" <[email protected]>
To: "Yoav Nir" <[email protected]>; "'Qin Wu'" <[email protected]>; "'Yaron Sheffer'" <[email protected]>
Cc: "'IPsecme WG'" <[email protected]>; <[email protected]>
Sent: Wednesday, November 23, 2011 4:07 PM
Subject: RE: [IPsec] IKEv2 and ERP

[resending as plaintext]

Thanks, Qin

I wonder what the rationale is for this. Why would a phone that's already on the Internet connect to the visited network rather than the home network? Is that because of concerns about bandwidth and latency?

Anyway, is there a use case for ERP in those cases?

Yoav

________________________________
From: Qin Wu [mailto:[email protected]]
Sent: 22 November 2011 10:07
To: Yoav Nir; Yaron Sheffer
Cc: IPsecme WG; [email protected]
Subject: Re: [IPsec] IKEv2 and ERP

Hi, Yoav:

Yes, I am aware of other cases where IKE is used beyond the home network. Here are two example use cases adopted by 3GPP. These two use cases only work for the roaming scenario. In both use cases, IKE negotiation happens between the WLAN UE and the Packet Data Gateway (PDG) or Tunnel Termination Gateway (TTG). Both PDG and TTG are deployed in the 3GPP visited network.

Also, we have two cases where IKE is used with the home network below. Both PDG and TTG are deployed in the 3GPP home network. These two cases only work for the non-roaming scenario.

Regards!
-Qin
