James Kempf wrote:
The problem that I can see is after IP handover, how does the MN get a new key? If we continue to rely on EAP, it will imply a reauthentication from scratch.
One of two ways:
1) The MN has actually reauthenticated for network access from scratch in order to establish its session key with the new AR/AP, and in the process obtained a handover key. In 802.1x, that is, in fact, currently the only way I believe, though the 802.11r WG is looking to change this.
2) The MN has performed preauthentication with a collection of AR/APs around the current one, and so has a key already available.
There are two separate issues here.
1. Securing the FMIP signaling via key derivation.
2. Reducing the re-authentication latency.
I believe we are mostly referring to 1) in this thread (so far at least).
What is the scope of 2) for us? Is it an L2-specific problem that other bodies such as .11r are considering? I believe understanding the scope of 2) is important before we engineer the solution.
-Rajeev
jak
_______________________________________________ Mipshop mailing list Mipshop at ietf.org https://www1.ietf.org/mailman/listinfo/mipshop
_______________________________________________ Mobopts mailing list Mobopts at irtf.org https://www1.ietf.org/mailman/listinfo/mobopts