[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Mobile IPv6 - IPsec interaction.

To: kivinen@ssh.fi, Mohan.Parthasarathy@Eng.Sun.COM
Subject: RE: Mobile IPv6 - IPsec interaction.
From: Franck.Le@nokia.com
Date: Thu, 4 Jan 2001 12:02:36 -0600
Cc: ipsec@lists.tislabs.com, Francis.Dupont@enst-bretagne.fr
Sender: owner-ipsec@lists.tislabs.com



Mohan Parthasarathy writes:
> 1) In Main Mode, it uses the Care of Address as the source address (
>     it can't use the Home Address yet as the other end either has
>     a stale binding or no bindings and hence we can't get the reply
>     back) and uses an appropriate authentication mechanism
>     to establish the Phase I SA.

>It cannot use care of address as its identity in phase I. The care of
>address does not have any meaning to the home agent. It needs to use
>something in the phase I that will identify the mobile node to the
>home agent.

>This could be username@host.name (user@fqdn),
>fixed.domain.name.at.home (fqdn) or distinguished name. Using of those
>also rules out using of main mode with pre-shared keys, thus the best
>would be using certificates (signatures).

Why using user@fqdn,fixed.domain.name.at.home (fqdn) or distinguished name
rules out using main mode with pre-shared keys ?
Thank you.

Follow-Ups:

RE: Mobile IPv6 - IPsec interaction.

From: Tero Kivinen <kivinen@ssh.fi>

Prev by Date: Re: Mobile IPv6 - IPsec interaction.
Next by Date: Re: Mobile IPv6 - IPsec interaction.
Prev by thread: Re: Mobile IPv6 - IPsec interaction.
Next by thread: RE: Mobile IPv6 - IPsec interaction.
Index(es):
- Main
- Thread