Re: Status of IPSEC Key Management



Perry,

        In the Mobile IP case, the communication being authenticated (as
per the current specs) is between a mobile node and its home agent, so
there is plenty of time to pre-load and pre-compute the D-H value.  In
later instances one may wish to authenticate communication between the
mobile node and foreign agents, and between home and foreign agents.  Even
there, caching ought to enable one to avoid fetches on many (most?)
communications.  I admit that there are other ways to reduce traffic key
generation time once you have communicated with the corresponding parties,
but staying within the mobile IP protocol specs, there is no easy way to do
the initial exchange.  However, the fetch of a certificate from some
database is outside the mobile IP protocol, and thus fits within the spec
(once you make appropriate provisions for routing cert/CRL fetches, e.g.,
via a foreign agent proxy).

Steve