
Re: Mobile IPv6 - IPsec interaction.



Indeed, in this case you would have an IPSec association between your
mobile host (using your Home Address) and the web server.  Since your
home address never changes, you don't need to rebuild the connection
to the web server when you move.

You only need to rebuild IPSec SAs between the mobile host and the 
home agent.

-derek

Tero Kivinen <kivinen@ssh.fi> writes:

> > Assume I am using this to connect to some web site. As I keep
> > moving, I keep sending binding updates to the server that
> > I am connected to. Is it practical to assume that any
> > arbitrary server that I connect to will be able to get to
> > these certificates and do these policy checks? How
> > does the server get to this policy information?
> 
> If I understand correctly you send those binding updates to your home
> agent, not to each web server.
> 
> If you really need to have an SA between two random hosts in the
> internet, then you need global PKI. We do not have such yet. DNSsec
> might provide one, or we might end up having some kind of global X.509
> PKI. Anyways that is a completely different problem than protecting the
> connection between two known hosts, mobile user and home agent.
> -- 
> kivinen@ssh.fi                               Work : +358 303 9870
> SSH Communications Security                  http://www.ssh.fi/
> SSH IPSEC Toolkit                            http://www.ssh.fi/ipsec/

-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord@MIT.EDU                        PGP key available

