Apparently neither of the four cases I gave you  describes the phone sits on 
the Internet.
In ERP, we allow two cases.
If there is no local ER server in the visited network, the peer should 
communicate directly 
with home ER server through ER capable authenticator.

However if there is a local ER server in the visited network, we allow the peer 
 initates normal 
EAP exchange with the home EAP server in the home network firstly. In the 
meanwhile the 
local ER server in the path between the peer and home EAP server ask for keying 
materials. 
In the subsequent procedure, the peer can communicate locally with the local ER 
server.

Regards!
-Qin
----- Original Message ----- 
From: "Yoav Nir" <[email protected]>
To: "Yoav Nir" <[email protected]>; "'Qin Wu'" <[email protected]>; "'Yaron 
Sheffer'" <[email protected]>
Cc: "'IPsecme WG'" <[email protected]>; <[email protected]>
Sent: Wednesday, November 23, 2011 4:07 PM
Subject: RE: [IPsec] IKEv2 and ERP



[resending as plaintext]


Thanks, Qin
 
I wonder what the rationale is for this. Why would a phone that's already on 
the Internet connect to the visited network rather than the home network. Is 
that because of concerns about bandwidth and latency?
 
Anyway, is there a use case for ERP in those cases?
 
Yoav

________________________________

From: Qin Wu [mailto:[email protected]] 
Sent: 22 November 2011 10:07
To: Yoav Nir; Yaron Sheffer
Cc: IPsecme WG; [email protected]
Subject: Re: [IPsec] IKEv2 and ERP


Hi,Yoav:
yes,I am do aware of other cases where IKE is used beyond the home network. 
Here are two example use cases adopted by 3GPP.Thes two use cases only work for 
roaming scenario.


 
In both use cases,IKE negotiation happens between WLAN UE and Packet Data 
Gateway(PDG) or Tunnel
Termination Gateway (TTG). Both PDG and TTG are deployed in 3GPP visited 
Network.
 
Also we have two cases where IKE is used with the home network belows. Both PDG 
and TTG are deployed
in the 3GPP home netwrok. These two cases only work for non-roaming scenario.

 

 
 
Regards!
-Qin
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec

Reply via email to