
Options for SA establishment 1/2

- IKE?
  - Issue 1: Shared key provisioning between MN and an arbitrary visited network router
  - Issue 2: Authorization?
- Key derivation as side effect of network access AAA
  - For instance, branch off new key hierarchy from EAP reserved keys
  - Can be defined for network access purposes, needs a new system-level security design draft in EAP WG
  - Issue 1: may require a new node to be involved in addition to the AAA and AP -- how to send keys to that?
  - Issue 2: theoretical vs. practical availability of an underlying AAA run -- e.g. likelihood of UAM vs. 802.1X authentication -- though maybe not an issue if you are doing fast movements (?)