From: Giaretta Gerardo [mailto:gerardo.giaretta at telecomitalia.it]
Sent: Wednesday, August 16, 2006 6:46 PM
To: Alper Yegin
Cc: mipshop at ietf.org; Lakshminath Dondeti
Subject: RE: [Mipshop] RE: Review of draft-yegin-hmip-sa-00
Hi Alper,
please find below one question about the approach suggested by the draft.
> > I don't think the NAS should be involved in the
> > key delivery. My (limited) understanding of 4140
> > tells me that the MAP is deeper in the network
> > than a typical NAS
>
> In my understanding, MAP is part of the "access network", not
> the "home
> network." For that, putting aside the physical and
> topological aspects, from
> "administrative domain" aspect NAS and MAP are the part of
> the same network.
>
> > I am fine with the notion of using a key from the
> > EAP keying hierarchy for IKEv2
> > authentication. However, I don't think we should
> > use the MSK for the key derivation. Instead a
> > key from the EMSK hierarchy might be used. We
> > can discuss the specifics in detail if you want.
>
> Why do you think so?
>
As you know, there were some proposals for MIP6 bootstrapping similar to this,
deriving keys from network access authentication for MIPv6 bootstrapping. These
proposals have not been accepted because there were strong suggestions to keep
authentication procedures for network access services and mobility services
separate. In his review of the MIP6 bootstrapping PS document, Sam mentioned
again that these two authentications must be fully separated.
Since I originally proposed this approach for MIP6, I am wondering why you
think this should be acceptable for HMIP. Is there any real difference in the
scenario in your opinion?
--Gerardo
> We proposed use of MSK because we assume MAP and NAS are part
> of the same
> administrative domain. NAS can generate the HMIP-SA and pass
> it to the MAP.
> Use of EMSK would have been more appropriate if MAP were part
> of the home
> network along with the HAAA server.
>
> Alper
>
>
>
>
> _______________________________________________
> Mipshop mailing list
> Mipshop at ietf.org
> https://www1.ietf.org/mailman/listinfo/mipshop
>
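The point under discussion in this thread is which parties hold which root key after EAP: the MSK is exported to the NAS, while the EMSK stays with the peer and the EAP server (home AAA). The following Python simulation is an added illustration, not code from the draft or from either author; it models four constructed parties ("peer", "haaa", "nas", "map"), treats MSK/EMSK as random outputs of an EAP run, and derives an HMIP-SA key from each root using a prf+-style KDF with the seed layout of the RFC 5295 USRK construction. The label "hmip-sa@example" and the MAP identifier are placeholders, not registered values.

```python
import os
import hmac
import hashlib

# Constructed parties: "peer", "haaa" (home AAA / EAP server), "nas", "map".
# The EAP method itself is not modelled; MSK and EMSK are simply random here.

def prf_plus(key: bytes, seed: bytes, length: int) -> bytes:
    """prf+ from IKEv2 (RFC 4306 sec. 2.13) instantiated with HMAC-SHA-256."""
    out, t, counter = b"", b"", 1
    while len(out) < length:
        t = hmac.new(key, t + seed + bytes([counter]), hashlib.sha256).digest()
        out += t
        counter += 1
    return out[:length]

def derive_child_key(root: bytes, label: bytes, optional_data: bytes,
                     length: int = 64) -> bytes:
    """Derive a usage-specific key from a root key.
    The seed layout (label | 0x00 | optional data | 2-octet length) follows the
    USRK construction of RFC 5295; HMIP has no registered label there, so the
    label used by the caller is a placeholder for illustration only."""
    seed = label + b"\x00" + optional_data + length.to_bytes(2, "big")
    return prf_plus(root, seed, length)

HMIP_LABEL = b"hmip-sa@example"   # placeholder label, not an IANA-registered value

def run_eap() -> dict:
    """Simulate the outcome of a successful EAP run: peer and EAP server both
    end up with MSK and EMSK; the server exports only the MSK to the NAS
    (RFC 3748 sec. 7.10). The EMSK never leaves the peer and the EAP server,
    and the MAP starts with nothing until a key is delivered to it."""
    msk, emsk = os.urandom(64), os.urandom(64)
    return {
        "peer": {"MSK": msk, "EMSK": emsk},
        "haaa": {"MSK": msk, "EMSK": emsk},
        "nas":  {"MSK": msk},
        "map":  {},
    }

def derive_hmip_sa_key(keyring: dict, party: str, root_name: str, map_id: bytes):
    """Return the HMIP-SA key `party` can compute from root key `root_name`,
    or None if that party was never given the root."""
    root = keyring[party].get(root_name)
    if root is None:
        return None
    return derive_child_key(root, HMIP_LABEL, map_id)

def parties_able_to_derive(keyring: dict, root_name: str, map_id: bytes) -> set:
    """Parties that can compute the HMIP-SA key locally, without key delivery."""
    return {p for p in keyring
            if derive_hmip_sa_key(keyring, p, root_name, map_id) is not None}

if __name__ == "__main__":
    ring = run_eap()
    map_id = b"map1.access.example"   # constructed MAP identifier
    for root in ("MSK", "EMSK"):
        print(root, sorted(parties_able_to_derive(ring, root, map_id)))
```

Running it shows the trust-boundary difference the two messages argue about: with the MSK as root, the NAS can compute the HMIP-SA key itself and hand it to the MAP (Alper's same-administrative-domain assumption); with the EMSK as root, only the peer and the home AAA can compute it, so the MAP would have to receive it from the home network, which is the separation Gerardo refers to.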