
Re: addresses and IKEv2



 In your previous mail you wrote:

=> thanks for your support Mike!
   
   What happens with IKE is another discussion that
   I'll bow out of for the time being...
   
=> there is something to do with IKE because SAs come in pairs,
i.e. for the mobile to correspondent way address agility is enough
(and is already in RFC 2401) but for the correspondent to mobile way
something is needed (readdressing exchange?).

Thanks

Francis.Dupont@enst-bretagne.fr

PS: the more I think about SOI & mobility, the more I believe SOI should have
an optional message header verification, something like a special ID
payload with the party transport parameters. My current idea is, for
IKEv2 for instance:
 - optional ID payload of type address with the party transport
   parameters (address, protocol (udp), port (500))
 - this payload should be the first one (a way to mark it as special)
 - if it is present it must be checked against the message header
 - the policy should say if this is required to be sent or received
 - the policy should say if this can overwrite previously used addresses:
   * further IKE messages
   * all established SAs with this peer
IMHO only the last point is arguable (i.e. I am still looking for
better solutions).
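
The check proposed in the PS, sketched as an added example (not part of the original message and not taken from any IKEv2 specification): the payload name `ID_TRANSPORT`, the `Policy` fields and the function name are hypothetical, and the addresses are constructed documentation values. It assumes that a verified address change without overwrite permission is accepted but leaves the stored addresses untouched.

```python
from dataclasses import dataclass
from ipaddress import ip_address

UDP = 17  # IP protocol number for UDP


@dataclass(frozen=True)
class Transport:
    address: str
    protocol: int = UDP
    port: int = 500

    def same_as(self, other: "Transport") -> bool:
        # Compare parsed addresses so equivalent textual forms match.
        return (ip_address(self.address) == ip_address(other.address)
                and (self.protocol, self.port) == (other.protocol, other.port))


@dataclass(frozen=True)
class Policy:               # hypothetical field names
    require_received: bool  # peer must send the transport ID payload
    may_update_ike: bool    # may overwrite the address for further IKE messages
    may_update_sas: bool    # may overwrite the address on all established SAs


def check_transport_id(header_src, payloads, policy, current_peer):
    """Return (verdict, scopes). payloads is a list of (kind, value) in wire order;
    scopes names what may be re-addressed: "ike" and/or "sas"."""
    where = [i for i, (kind, _) in enumerate(payloads) if kind == "ID_TRANSPORT"]
    if not where:
        if policy.require_received:
            return "reject: transport ID required by policy", []
        return "accept", []
    if where != [0]:
        return "reject: transport ID must be the first payload", []
    declared = payloads[0][1]
    if not declared.same_as(header_src):
        return "reject: declared transport differs from message header", []
    if declared.same_as(current_peer):
        return "accept", []  # nothing changed, nothing to overwrite
    # Assumption: a verified new address without overwrite permission is
    # accepted, but the stored addresses stay as they were.
    scopes = [name for name, ok in (("ike", policy.may_update_ike),
                                    ("sas", policy.may_update_sas)) if ok]
    return "accept", scopes
```

A rejection on the header comparison means the source address or port seen on the wire is not what the sender declared inside the message, which is the case the proposal wants surfaced before any stored address is overwritten.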