[Mobopts] Re: [Mipshop] RE: Review of draft-vidya-mipshop-handover-keys-aaa -00.txt




> I am confused by this. The L3 handover key I am referring to is the shared
> secret between MN and AR. If we extended an EAP method to derive this key,
> when the EAP authenticator is not the same as the AR, we have some issues in
> getting the key to the AR without breaking some of the Housley criteria. It
> is not that we need a new key as a result of a new L2 auth method, but it is
> the process of deriving a key with the next AR may now need to be different,
> due to the
>

Suppose that the AAA server pushes the key directly to the AR using some
protocol. That means the AAA server and the AR need to share an end-to-end
security association, that the key must be encrypted in transit, and only
the AR can decrypt.

Now, suppose that, instead of routing the key directly to the AR, it is
routed through the NAS instead. If the key is end-to-end encrypted, how does
that violate the Housley criteria? The NAS is acting like a proxy AAA server
and doesn't ever get to look at the key.

Am I missing something?

            jak
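The delivery path jak describes, as an added example that is not part of the thread or of any draft: the AAA server wraps the MN-AR handover key under a key it shares only with the target AR (AES-GCM, with the MN/AR scope as associated data so the blob cannot be re-pointed at another AR), the NAS forwards the opaque blob, and only the AR can open it. The key sizes, scope string format and function names are this example's own assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// wrapped is what travels AAA -> NAS -> AR. The NAS can read Scope and
// forward the blob, but holds no key that opens it.
type wrapped struct {
	Nonce []byte
	Blob  []byte // handover key, AES-GCM sealed, Scope bound in as AAD
	Scope string // constructed form: "MN=<id>;AR=<id>"
}

func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // key shared by AAA server and this AR only
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// wrapForAR runs on the AAA server: seal the handover key for one AR and
// bind it to the MN/AR pair it is meant for.
func wrapForAR(aaaARKey, handoverKey []byte, scope string) (wrapped, error) {
	aead, err := newAEAD(aaaARKey)
	if err != nil {
		return wrapped{}, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return wrapped{}, err
	}
	return wrapped{Nonce: nonce, Blob: aead.Seal(nil, nonce, handoverKey, []byte(scope)), Scope: scope}, nil
}

// nasForward models the proxy hop: the blob passes through unchanged.
func nasForward(w wrapped) wrapped { return w }

// unwrapAtAR runs on the AR: refuse keys scoped to another MN/AR pair, then
// open the blob; any change to Nonce, Blob or Scope in transit fails here.
func unwrapAtAR(aaaARKey []byte, w wrapped, expectedScope string) ([]byte, error) {
	if w.Scope != expectedScope {
		return nil, errors.New("handover key is scoped to a different MN/AR pair")
	}
	aead, err := newAEAD(aaaARKey)
	if err != nil {
		return nil, err
	}
	return aead.Open(nil, w.Nonce, w.Blob, []byte(w.Scope))
}

func main() {
	arKey := []byte("0123456789abcdef0123456789abcdef") // constructed AAA<->AR key
	hk := []byte("handover-key-for-mn1-and-ar2!!!!")   // constructed MN<->AR key
	w, _ := wrapForAR(arKey, hk, "MN=mn1;AR=ar2")
	got, err := unwrapAtAR(arKey, nasForward(w), "MN=mn1;AR=ar2")
	fmt.Printf("AR recovered key: %t (err=%v)\n", string(got) == string(hk), err)
}
```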



_______________________________________________
Mobopts mailing list
Mobopts at irtf.org
https://www1.ietf.org/mailman/listinfo/mobopts




Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.