On-link CoA testing A MAP is a local HA. It was assumed that the security requirements for a local BU are similar to a BU sent to the HA. No clear reason for treating a MAP differently from a HA, however, an LCoA test was added “just in case the MAP turns out to have stronger security requirements”. This method was recommended in Atlanta Uses existing IPsec SA between the MAP and the MN Protects against bombing another MN on another link. Tradeoff: Performance Vs stronger security The LCoA test must be implemented and is optional to use. |