FW: Possible preauth BOF Request
For your possible comment.
Pls note that Margaret wants this to be known:
Please make it clear that we understand that this overlaps with
other work that has been proposed in the IETF, and that there will be
some discussions about what to do about that.
From: email@example.com [mailto:firstname.lastname@example.org] On Behalf Of
Sent: Sunday, January 29, 2006 07:56
To: email@example.com; firstname.lastname@example.org
Subject: Heads Up: Possible preauth BOF Request
The INT area is expecting to receive a BOF request to consider the
preauth work that was started in the PANA WG (see below).
The following is the work description of preauth. Alper Yegin and I
are thinking of having a BoF in the next IETF meeting on this subject.
The problem statement and architecture work was initially presented in
MOBOPTS RG in the previous three IETF meetings, but after discussion
with several people, I felt that this kind of work is not a long
term research item any more but can be a standardization item.
Your comments are very much appreciated.
Pre-authentication and Heterogeneous Handover (preauth)
There has been no solution for seamlessly performing handover across
heterogeneous networks which may belong to different administrative
domains and/or may support different link-layer technologies. For
example, IEEE 802.16e deals with mobility, but it does not support
seamless handover across different operators. 3GPP2 is currently
defining a new mode of operation in which PPP encapsulation is not
used for carrying IP datagrams. It would be preferable if the new
mode is designed to support seamless handover across different
operators. In the IETF, there are several IP mobility optimization
protocols defined including FMIPv6 and HMIPv6, and possibly NETLMM;
however, overall handover performance including authentication and
authorization delay has not been considered. In fact, authentication
and authorization can be the most time consuming procedure especially
for heterogeneous handover in which authorization by a central
authority such as an AAA server would be required.
The purpose of this work is to improve the overall performance of
heterogeneous handover by allowing authentication and authorization
required for a target network to be performed prior to handover. Note
that IEEE 802.11i defines pre-authentication at link-layer, but it is
not applicable to inter-subnet handover.
- Developing problem statement and an architecture that are centered
around pre-authentication for seamlessly performing heterogeneous
handovers including inter-domain and/or inter-technology handovers.
The architecture may discuss, in addition to pre-authentication,
optimization technologies related to pre-authentication. The
architecture also addresses AAA related issues for pre-authentication,
including the issues of distinguishing
pre-authentication/pre-authorization sessions from normal
- Developing a light-weight pre-authentication protocol that does not
carry EAP itself but takes advantage of EMSK created as a result of
EAP-based network access authentication.
- Defining mechanisms for bootstrapping security from
pre-authentication for several mobility optimization protocols such as
FMIPv6. Specifically, key derivation mechanisms and algorithms for
the mobility optimization protocols will be defined. The scope also
includes bootstrapping link-layer security mechanisms from
PANA WG: PANA defines EAP transport over UDP (draft-ietf-pana-pana)
and a pre-authentication extension which is EAP-based
(draft-ietf-pana-preauth). The non-EAP based light-weight
pre-authentication protocol mentioned above may or may not re-use
PANA. There may be some overlapping scope between PANA and preauth in
terms of protocol work, but the entire scope of preauth may not be
fully covered by the work of PANA.
MOBOPTS RG: MOBOPTS does not define a protocol and it deals with many
different research issues in parallel, and a separate group might be
suitable if the industry thinks that the work needs to be done in a
short time range.
MIPSHOP WG: MIPSHOP is centered around mobility optimization for
Mobile IPv6, but it does not deal with seamlessly performing
heterogeneous handover. Instead, pre-authentication related work
should be applicable to any mobility optimization mechanism. Also, a
new mobility optimization mechanism other than FMIPv6 and HMIPv6 may
be needed for seamless heterogeneous handover.