
Re: Status of IPSEC Key Management



Steve Kent said:

>        I believe that the current mobile IP specs talk only about shared
>secrets between the mobile nodes (MNs) and home agents (HAs), but are
>silent on how these values are established and maintained.

This is mostly correct.  Mobile IP does not say where the security
association comes from, but we do require that a security association
must exist between a mobile node and its home agent, and that it must
be used for authentication on all Registration Request and Registration
Reply messages.  Mobile IP also allows for a security association between
a mobile node and its foreign agent and/or between a foreign agent
and the home agent, but we do not require these to exist.  If they do
exist, though, we require that they be used for authentication on
the registration messages, along with the authentication between the
mobile node and its home agent that always must be there.

We assume (and hope) that IPsec key management and key management from
research like that you mentioned at BBN will help provide the necessary
keys and security associations in the future, but for deployment now,
manual configuration of security associations can be used.

					Dave
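
The acceptance rule described in the message above, as an added example that is not part of the original post or of any Mobile IP specification. It assumes manually configured shared keys and uses HMAC-SHA256 as a stand-in authenticator; the function names, pair labels and sample values are hypothetical.

```python
import hashlib
import hmac

REQUIRED = "MN-HA"              # must always exist and always be used
OPTIONAL = ("MN-FA", "FA-HA")   # may exist; if one does, it must be used


def make_tag(key: bytes, message: bytes) -> bytes:
    # Assumption: HMAC-SHA256 stands in for the real authenticator algorithm.
    return hmac.new(key, message, hashlib.sha256).digest()


def check_registration(message: bytes, tags: dict, sas: dict):
    """Decide whether a registration message satisfies the rule.

    sas  maps a pair label to the shared key of each security association
         the checking node has configured (manual configuration assumed).
    tags maps a pair label to the authenticator carried by the message.
    Returns (accepted, reason).
    """
    if REQUIRED not in sas:
        return False, "no MN-HA security association configured"
    for pair in (REQUIRED,) + OPTIONAL:
        key = sas.get(pair)
        if key is None:
            continue  # optional association does not exist: nothing to enforce
        tag = tags.get(pair)
        if tag is None:
            return False, f"{pair} association exists but no authenticator present"
        # Constant-time comparison avoids leaking how many bytes matched.
        if not hmac.compare_digest(tag, make_tag(key, message)):
            return False, f"{pair} authentication failed"
    # Assumption: a tag for a pair with no configured key cannot be checked
    # here and is ignored.
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample data: a node holding an MN-HA and an FA-HA key.
    sas = {"MN-HA": b"constructed-key-1", "FA-HA": b"constructed-key-2"}
    msg = b"constructed registration request"
    full = {p: make_tag(k, msg) for p, k in sas.items()}
    print(check_registration(msg, full, sas))
    print(check_registration(msg, {"MN-HA": full["MN-HA"]}, sas))
```

The second call is rejected even though the mobile node's authenticator is valid, because an FA-HA association exists and the message does not use it.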

