[Mip4] Re: [Dime] RE: Issue 3: Diameter MIP4 Application vs. RADIUSArchitecture

To: Alper Yegin <alper.yegin at yegin.org>
Subject: [Mip4] Re: [Dime] RE: Issue 3: Diameter MIP4 Application vs. RADIUSArchitecture
From: Tom Taylor <tom.taylor at rogers.com>
Date: Wed, 15 Aug 2007 13:27:14 -0400
Cc: dime at ietf.org, mip4 at ietf.org, 'McCann Peter-A001034' <pete.mccann at motorola.com>, 'Ahmad Muhanna' <amuhanna at nortel.com>
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=rogers.com; h=Received:X-YMail-OSG:Message-ID:Date:From:User-Agent:MIME-Version:To:CC:Subject:References:In-Reply-To:Content-Type:Content-Transfer-Encoding; b=0iirQ9+dQ7/L+VkpWceo2fqUF+UVUoQPfJ9dzws7EH4H1RKOjIIp93y07T2sCGDKY6seahzeiZ6vGdsHk3haL8Wuw3ppW5DIsErHtpMNXoXxSPioODRvsNdWfOf6a9XVtkJNr8Xr4BB49X0OmEuTi5DvZMIVcy/C6j/zKpAwKdE= ;
In-reply-to: <0MKpCa-1IKirz3qBP-0006SO@mrelay.perfora.net>
List-help: <mailto:mip4-request@ietf.org?subject=help>
List-id: Mobility for IPv4 <mip4.ietf.org>
List-post: <mailto:mip4@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/mip4>, <mailto:mip4-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/mip4>, <mailto:mip4-request@ietf.org?subject=unsubscribe>
References: <0MKpCa-1IKirz3qBP-0006SO@mrelay.perfora.net>
User-agent: Thunderbird 2.0.0.6 (Windows/20070728)

Isn't this what HOKEY is all about?

Alper Yegin wrote:

MN is authenticated by the same entity (HAAA) whether requested by
the FA or the HA. If HA and FA has some trust relationship (e.g.,
using FA-HA AE, or IPsec), then I believe letting the HA authenticate
the MN is sufficient.

There is no scalable way to maintain trust relationships between
all pairs of (FA, HA).  One of the main purposes of the Diameter
MIPv4 application is to distribute keys for those (FA, HA)
relationships that are necessary based on the MNs that are
roaming to a given FA.  The FA needs to make sure that the
visited resources will be paid for, which is why it needs
authorization from the AAA infrastructure.

FA-HA security association can also be dynamically created during the network access authentication procedure.

Alper

_______________________________________________
DiME mailing list
DiME at ietf.org
https://www1.ietf.org/mailman/listinfo/dime

--
Mip4 mailing list: Mip4 at ietf.org
   Web interface: https://www1.ietf.org/mailman/listinfo/mip4
    Charter page: http://www.ietf.org/html.charters/mip4-charter.html
Supplemental site: http://www.mip4.org/

Follow-Ups:
- [Mip4] RE: [Dime] RE: Issue 3: Diameter MIP4 Application vs. RADIUSArchitecture
  - From: Alper Yegin

References:
- [Mip4] RE: [Dime] RE: Issue 3: Diameter MIP4 Application vs. RADIUSArchitecture
  - From: Alper Yegin

Prev by Date: RE: [Mip4] RE: [Dime] RE: Issue 3: Diameter MIP4 Application vs.RADIUSArchitecture
Next by Date: [Mip4] Document Action: 'Mobile IPv4 RADIUS requirements' to Informational RFC
Previous by thread: RE: [Mip4] RE: [Dime] RE: Issue 3: Diameter MIP4 Application vs.RADIUSArchitecture
Next by thread: [Mip4] RE: [Dime] RE: Issue 3: Diameter MIP4 Application vs. RADIUSArchitecture
Index(es):
- Date
- Thread

[Mip4] Re: [Dime] RE: Issue 3: Diameter MIP4 Application vs. RADIUSArchitecture

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.