[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Mobile IPv6 - IPsec interaction.
Mohan Parthasarathy writes:
> 1) In Main Mode, it uses the Care of Address as the source address (
> it can't use the Home Address yet as the other end either has
> a stale binding or no bindings and hence we can't get the reply
> back) and uses an appropriate authentication mechanism
> to establish the Phase I SA.
>It cannot use care of address as its identity in phase I. The care of
>address does not have any meaning to the home agent. It needs to use
>something in the phase I that will identify the mobile node to the
>home agent.
>This could be username@host.name (user@fqdn),
>fixed.domain.name.at.home (fqdn) or distinguished name. Using of those
>also rules out using of main mode with pre-shared keys, thus the best
>would be using certificates (signatures).
Why using user@fqdn,fixed.domain.name.at.home (fqdn) or distinguished name
rules out using main mode with pre-shared keys ?
Thank you.
Follow-Ups: