[Dime] HA-to-AAAH draft/support of RFC 4285
Hi all,
As discussed during the DiME WG meeting, we have to support
RFC 4285 in our Diameter Application for mip6.
Let me briefly re-explain the situation:
MN ----------- HA/AAAclient ----------------AAA server
Our application defines the protocol between the AAAclient located in
the HA and the AAA server.
Between the MN and the HA, we use:
A/ either IKEv2 with EAP to set up IPsec SAs (to protect mip6 signalling),
B/ or RFC 4285, aka Mobile IPv6 Authentication Option (could be compared
to what is used in mip4).
In A/, EAP is used for authentication; our Diameter Application will carry
EAP packets and will deliver specific mip6 AVPs. At the end of the AAA process,
IPsec SAs are set up and the MN can send its mip6 Binding Update.
In B/, the MN has a pre-shared key with the AAA server. It sends its mip6
Binding Update signed using this pre-shared key to the HA. Our Diameter
Application is then used to perform Authentication by the AAA server (owner
of the pre-shared key).
So, to sum up, we have two different MN-HA interactions (IKEv2-EAP and RFC 4285)
and one Diameter Application between HA and AAA. To solve this, we have two
options in our Application:
Option 1: we define 2 different commands: one command to deal with EAP and
one command to deal with RFC 4285.
Option 2: we define one command and one generic Authentication AVP.
I'd like to hear your opinion on this.
My personal feeling is that I would prefer Option 1. The reason is that I
think it's cleaner for the server to know from the command-code the associated
authentication method, especially when we have EAP type authentication.
Regards,
Julien
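
The two options as the AAA server would see them, in an added Python example that is not part of the original message: with Option 1 the method is read from the fixed Diameter header, with Option 2 the server has to walk the AVPs first. The header and AVP layouts follow the Diameter base protocol; the command codes, the AVP code and the method selector values are hypothetical placeholders, since the message assigns none.

```python
import struct
# Hypothetical codes: the message assigns no command or AVP numbers.
CMD_EAP, CMD_RFC4285, CMD_GENERIC = 0xFFFFF0, 0xFFFFF1, 0xFFFFF2
AVP_AUTH = 0xFFFF0001                     # Option 2 generic authentication AVP
METHODS = {1: "eap", 2: "rfc4285"}        # hypothetical method selector values

def avp(code, data, flags=0x40):
    """Encode one AVP without Vendor-ID, padded to a 4-byte boundary."""
    return (struct.pack("!IB", code, flags) + (8 + len(data)).to_bytes(3, "big")
            + data + b"\x00" * (-len(data) % 4))

def message(cmd, avps=b""):
    """Encode a request: 20-byte Diameter header followed by the AVPs."""
    return (b"\x01" + (20 + len(avps)).to_bytes(3, "big") + b"\x80"
            + cmd.to_bytes(3, "big") + struct.pack("!III", 0, 1, 1) + avps)

def command_code(msg):
    """Validate the fixed header and return the 24-bit command code."""
    if len(msg) < 20 or msg[0] != 1 or len(msg) % 4 \
            or int.from_bytes(msg[1:4], "big") != len(msg):
        raise ValueError("malformed Diameter header")
    return int.from_bytes(msg[5:8], "big")

def method_option1(msg):
    """Option 1: the command code alone names the authentication method."""
    method = {CMD_EAP: "eap", CMD_RFC4285: "rfc4285"}.get(command_code(msg))
    if method is None:
        raise ValueError("unknown command code")
    return method

def method_option2(msg):
    """Option 2: one command; walk the AVPs to find the authentication AVP."""
    if command_code(msg) != CMD_GENERIC:
        raise ValueError("unknown command code")
    found, off = [], 20
    while off < len(msg):
        if len(msg) - off < 8:
            raise ValueError("truncated AVP header")
        code, flags = struct.unpack_from("!IB", msg, off)
        alen = int.from_bytes(msg[off + 5:off + 8], "big")
        if alen < (12 if flags & 0x80 else 8) or off + alen > len(msg):
            raise ValueError("bad AVP length")
        if code == AVP_AUTH and not flags & 0x80:
            found.append(msg[off + 8:off + alen])
        off += alen + (-alen % 4)          # skip the AVP and its padding
    ok = len(found) == 1 and len(found[0]) == 4
    value = int.from_bytes(found[0], "big") if ok else None
    if value not in METHODS:
        raise ValueError("missing, repeated or unknown authentication AVP")
    return METHODS[value]
```

Under Option 2 a missing, repeated or unrecognised authentication AVP is a distinct error case the server has to handle after parsing the whole message; under Option 1 an unknown method is rejected from the header alone.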