Mobile IP background data
Ran Atkinson <rja@cisco.com> Mon, 16 September 1996 13:11 UTC
Message-Id: <199609132140.OAA05500@cornpuffs.cisco.com>
From: Ran Atkinson <rja@cisco.com>
Date: Fri, 13 Sep 1996 14:40:39 -0700
To: ipsec@tis.com
Subject: Mobile IP background data

I was one of several people directly involved with the addition
of cryptographic authentication to the Mobile IP specification. So
perhaps I can provide some additional background context and perspective.

Historical Background:

The reason that Mobile IP talks concretely about the Mobile Node
(MN) to Home Agent (HA) control messages being authenticated is that it
is _entirely_ practical to preconfigure the Mobile-IP SA before the MN
goes mobile.

The reason that the other Mobile IP control messages are indicated
as items that might be authenticated is that it was much less clear that
preconfiguring a Mobile-IP SA with the Foreign Agent (FA) would be
practical for either the MN or the HA.

During the time period when this authentication mechanism was
added to Mobile IP, there was active discussion of future use of
an application-layer authenticated D-H exchange protocol to establish
the Mobile-IP SAs to/from the FA. At that time, this technical approach
was generally believed to be reasonable and feasible to deploy and use.

Commentary:

I believe that most folks still believe that it is reasonable and
feasible to deploy and use such a technology approach for establishing and
maintaining Mobile-IP SAs, in part because most folks seem to believe that
Mobile-IP sessions in the near term are not likely to have extremely short
IP-layer location lifetimes.

In many cases that I'm familiar with, mobility support can be provided
at the link-layer or through a combination of link-layer and Mobile-IP
mechanisms. The use of link-layer mechanisms (e.g. cellular telephones,
CDPD, PCS, Iridium, INMARSAT) can significantly increase the lifetime of a
location as perceived by the IP-layer.

Ran
rja@cisco.com