RE: [Mip4] dynamic keys
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [Mip4] dynamic keys
So, it doesn't make the initial deployment any easier (if there's one
HA), just ongoing use more secure. Each MN needs to be manually
configured in some manually intensive secure manner and/or use a
proprietary mechanism.
I guess I was looking more for a standardized server-side-only (aaa)
configuration solution. More like the web, using server-side cert and
client-side username/pw (over ssl).
Jeremy
-----Original Message-----
From: Henrik Levkowetz [mailto:henrik@levkowetz.com]
Sent: Tuesday, February 10, 2004 7:00 PM
To: Jeremy A. Greene
Cc: mip4@ietf.org; aaa-wg@merit.edu
Subject: Re: [Mip4] dynamic keys
Hi Jeremy,
Tuesday 10 February 2004, Jeremy A. Greene wrote:
> In the mip4-aaa-key-03 draft (and aaa-diameter-mobileip-16) it
requires
> the use of a single, widely used (by all MNs??), long term pre-shared
> key between the MN and AAAH. Since this key is directly used to
> calculate dynamic keys, this does not seem terrible secure.
I see no reason why the preshared key between MN and AAAH should be the
same for all MNs, rather than individual per-MN? Or is it I who have
missed something?
Henrik
--
Mip4 mailing list
Mip4@ietf.org
https://www.ietf.org/mailman/listinfo/mip4
Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.
