
Re: Revised Mobile IPv6 draft available



> Again, the SA triple uses the destination address and not the source address
> so the home address option isn't an issue.  For the inbound SP verification,
> make the remote IP address wildcarded so the home address option effect
> (source address changed from mobile to home) doesn't make the verification
> fail.

I messed up on this statement.  The SP address that can be wildcarded is the
local address.  I usually specify an SP as bidirectional with a remote and
local address.  The local address is the source address for outbound traffic
and the destination address for inbound traffic.

The result of a bidirectional SP is two SAs: one for inbound and one for
outbound.  The outbound SA has the destination address of the remote machine
and the inbound SA has the destination address of the local machine.  My
implementation only supports manual keys so I require the user to enter a
local address.

Itojun wrote:
>Source address (whether it is ip6_src or home address option)
>is still very important.  When you negotiate the key
>with the peer, IKE runs between (src, dst) pair.

Couldn't the source just be selected by the sender?  For multiple addresses on
an interface, the best address is selected.  My statements above handle
specifying a source for the SA.  Since I am not implementing IKE, I might be
missing something.

Aaron


