[Mobopts] Re: [Mipshop] RE: Review of draft-vidya-mipshop-handover-keys-aaa -00.txt

> I am not sure what it really means to support an additional protocol on
> the host. We are talking about support for the same functionality regardless
> of whether it is an extension of an existing protocol or a new one. The fact
> that it is running on a different UDP port should not be a factor in my
> mind. Now, if there is replication of functionality between two protocols
> running on a host, I see your point of re-use. But, in this case, I don't
> see replication of functionality. I don't see an incentive to align the
> signaling for handover key exchange with network access - if anything it
> seems to be complicating the design due to its dependence on different types
> of L2 protocols. If there is a way to avoid having the AAA-AR SA, I can see
> that being an incentive - but, that seems impossible - so, I am still not
> seeing the point.

Well, we disagree here. The whole point of this work is to leverage existing
AAA infrastructure, so the more you can leverage, the better things become.
Making up a whole new protocol just to do key distribution reduces the
attraction, since it must be deployed. Of course, mods to AAA protocols must
be deployed too, but it seems less of a delta.

> Certainly, we can come up with a way of pushing the key from the NAS to
> the AR - the thing I am struggling with is that this seems more complex to
> me than the AR itself getting the key in the first place. We now require
> different NAS-es - APs, 802.16 BSs, PAAs, etc. - to support this
> functionality. There is not much difference in what the MN does - instead of
> requesting a handover key through the NAS, it requests it from the AR with
> which it intends to share it. Also, why should we require an L2 entity to
> cache the HKs for an MN? 802.11 and 802.16 seem to be having enough key
> caching problems on their own for pre-authentication and predictive
> handoffs, etc. So, I don't think it makes sense to say that the NAS needs to
> store the key until the AR asks for it. Also, the NAS probably doesn't know
> anything about the lifetime of the key (nor should it) - so, how long does
> it cache it if the AR doesn't ask for the key for a long time?

Seems like you're convinced on having a new protocol, no sense in continuing
the discussion.

            jak




_______________________________________________
Mobopts mailing list
Mobopts at irtf.org
https://www1.ietf.org/mailman/listinfo/mobopts