[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [HOKEY] WGLC: draft-ietf-hokey-preauth-ps-02

To: Preetida.Vinayakray-Jani at nokia.com
Subject: Re: [HOKEY] WGLC: draft-ietf-hokey-preauth-ps-02
From: Yoshihiro Ohba <yohba at tari.toshiba.com>
Date: Tue, 1 Apr 2008 16:16:24 -0400
Cc: hokey at ietf.org
Delivered-to: ietfarch-hokey-web-archive at core3.amsl.com
Delivered-to: hokey at core3.amsl.com
In-reply-to: <83CD3A5F85DE7D43B6A5CC37CCBAEECE0544EF7F at esebe104.NOE.Nokia.com>
List-archive: <http://www.ietf.org/pipermail/hokey>
List-help: <mailto:hokey-request@ietf.org?subject=help>
List-id: HOKEY WG Mailing List <hokey.ietf.org>
List-post: <mailto:hokey@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/hokey>, <mailto:hokey-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/hokey>, <mailto:hokey-request@ietf.org?subject=unsubscribe>
References: <47E5A685.4010706 at cs.umd.edu> <83CD3A5F85DE7D43B6A5CC37CCBAEECE053CB6FF at esebe104.NOE.Nokia.com> <47EE275F.9050504 at research.telcordia.com> <83CD3A5F85DE7D43B6A5CC37CCBAEECE0544EF7F at esebe104.NOE.Nokia.com>
Sender: hokey-bounces at ietf.org
User-agent: Mutt/1.5.17+20080114 (2008-01-14)

Hi Preetida,

Thank you for reviewing the draft.  I have a comment on your comment #2.

On Mon, Mar 31, 2008 at 08:48:06AM +0300, Preetida.Vinayakray-Jani at nokia.com wrote:
> >> 
> >> 2. In indirect pre-autnetication, it is asusmed that there will be
> >> pre-exisitng trust between SA and CA. To me this scenario is 
> >analogus to
> >> fast handover in MIP, with proxy-solicitation msg. However 
> >keeping MIP
> >> aside, even if MN receives IP level details of CA through SA, the
> >> performed pre-authentication can be partial as MN still needs to
> >> associate CA first before using IP level security. Any comments?   
> >
> >AD. The draft does not make any assumption regarding 
> >pre-established  SA 
> >between SA and CA, as SA (Serving Authenticator) acts like a proxy and 
> >forwards the packets to CA (Candidate Authenticator). MN does not 
> >directly communicate with CA, but SA does communicate with CA 
> >in case of 
> >indirect pre-authentication. So the role of CA and SA are little 
> >different than PAR and NAR that you have mentioned for FMIPv6.
> >
> >I do not understand quite well about the partial pre-authentication of 
> >MN. Could you please clarify it little more?
> >
> 
> [Preeti] Parital authentication -> In above scenrio, Preauthentication
> involves direct IP level communication between SA and CA, Although
> resulted pre-authentication is for MN, it does not include MN's layer 2
> authentication. Hence it is partial. If layer 2 authentication fails
> then success of layer 3 may not bring any value or underutilization of
> reserved resources. 

Direct pre-authentication and indirect pre-authentication are the same
in that both happen before MN performs L2 secure association to CA.
Context Binding, described in Section 5.2, will create binding between
link-layer independent context and link-layer specific context, so
that L2 secure association can succeed when L2 handover happens.

Yoshihiro Ohba

_______________________________________________
HOKEY mailing list
HOKEY at ietf.org
https://www.ietf.org/mailman/listinfo/hokey

Follow-Ups:
- Re: [HOKEY] WGLC: draft-ietf-hokey-preauth-ps-02
  - From: Preetida.Vinayakray-Jani

References:
- [HOKEY] WGLC: draft-ietf-hokey-preauth-ps-02
  - From: Charles Clancy
- Re: [HOKEY] WGLC: draft-ietf-hokey-preauth-ps-02
  - From: Preetida.Vinayakray-Jani
- Re: [HOKEY] WGLC: draft-ietf-hokey-preauth-ps-02
  - From: Ashutosh Dutta
- Re: [HOKEY] WGLC: draft-ietf-hokey-preauth-ps-02
  - From: Preetida.Vinayakray-Jani

Prev by Date: Re: [HOKEY] WGLC: draft-ietf-hokey-preauth-ps-02
Next by Date: Re: [HOKEY] WGLC: draft-ietf-hokey-preauth-ps-02
Previous by thread: Re: [HOKEY] WGLC: draft-ietf-hokey-preauth-ps-02
Next by thread: Re: [HOKEY] WGLC: draft-ietf-hokey-preauth-ps-02
Index(es):
- Date
- Thread