MIPv6 bootstrapping in split scenario - PowerPoint PPT Presentation

Slides: 7
Provided by: gerardog
Learn more at: https://www.ietf.org
Transcript and Presenter's Notes

1
Dallas, March 2006
IETF 65th mip6 WG
Goals for AAA-HA interface (draft-ietf-mip6-aaa-ha-goals-01)
Gerardo Giaretta, Ivano Guardini, Elena Demaria, Julien Bournelle, Rafa Lopez
2
Draft update
  • The draft has been fully reviewed based on the
    solutions defined by Bootstrapping Design Team
      • draft-ietf-mip6-bootstrapping-split-02 for split
        scenario
      • draft-ietf-mip6-bootstrapping-integrated-dhc-00
        for integrated scenario
  • All goals have been revised
  • Thanks to Hannes Tschofenig for his deep review

3
Goals
  • G1.1 The AAAH server and the HA MUST be able to
    authenticate each other (mutual authentication)
  • G1.2 The AAA-HA interface MUST provide integrity
    protection in order to prevent any alteration of
    exchanged data
  • G1.3 The AAA-HA interface MUST provide replay
    protection
  • G1.4 The AAA-HA interface SHOULD provide
    confidentiality since it may be used to transfer
    keying material
      • e.g. shared key generated during EAP
        authentication
  • G1.5 The AAA-HA interface should support inactive
    peer detection
      • this functionality can be used by the AAAH server
        to maintain a list of active HAs (e.g. useful for
        HA selection)

4
Goals (cont.)
  • G2.1 The AAA-HA interface SHOULD allow the use of
    Network Access Identifier (NAI) to identify the
    mobile node
  • G2.2 The HA SHOULD be able to query the AAAH
    server to verify Mobile IPv6 service
    authorization for the mobile node
  • G2.3 The AAAH server MAY enforce explicit
    operational limitations and authorization
    restrictions on the HA
      • e.g. packet filters, QoS parameters
  • G2.4 The AAAH server MUST be able to send an
    authorization lifetime to the HA to limit Mobile
    IPv6 session duration for the MN
  • G2.5 The HA MUST be able to request to the AAAH
    server an extension of the authorization lifetime
    granted to the MN
  • G2.6 The AAAH server MUST be able to force the HA
    to terminate an active Mobile IPv6 session for
    authorization policy reasons
      • e.g. credit exhaustion

5
Goals (cont.)
  • G3.1 The AAA-HA interface must support the
    transfer of accounting records
      • time of binding cache entry creation and deletion
      • octets sent and received by the mobile node in
        Bi-directional Tunneling
  • G4.1 The AAA-HA interface MUST support
    pass-through EAP authentication with the HA
    working as EAP authenticator operating in
    pass-through mode and the AAAH server working as
    back-end authentication server
  • G5.1 The HA should be able to communicate to the
    AAAH server the Home Address allocated to the MN
      • e.g. for allowing the AAAH server to perform DNS
        update on behalf of the MN

6
Main issue: scope of the draft
  • Currently the draft lists the requirements for
    AAA-HA interface
      • this is complete for split scenario
      • the integrated scenario implies some MIP6
        attributes exchange from AAA server to NAS
  • Should we broaden the scope of the draft to
    encompass all AAA requirements for MIPv6?