Re: [MEXT] [!! SPAM] Re: Well-known problem with authentication/etc. in wireless networks

"Charles E. Perkins" <charliep@computer.org> Mon, 29 August 2011 18:48 UTC

Message-ID: <4E5BDF45.9040702@computer.org>
Date: Mon, 29 Aug 2011 11:49:41 -0700
From: "Charles E. Perkins" <charliep@computer.org>
Organization: Wichorus Inc.
To: Hesham Soliman <hesham@elevatemobile.com>
References: <CA7EF880.197F2%hesham@elevatemobile.com>
In-Reply-To: <CA7EF880.197F2%hesham@elevatemobile.com>
Cc: Julien Laganier <julien.ietf@gmail.com>, mext <mext@ietf.org>, Pete McCann <mccap@petoni.org>
Subject: Re: [MEXT] [!! SPAM] Re: Well-known problem with authentication/etc. in wireless networks
List-Id: Mobile IPv6 EXTensions WG <mext.ietf.org>
List-Archive: <http://www.ietf.org/mail-archive/web/mext>

Hello Hesham,

On 8/27/2011 2:40 AM, Hesham Soliman wrote:

> First, access authentication and HA auth are two
> completely different issues for different purposes.

That is highly debatable, and I certainly disagree that
they are required to be completely separate.  Moreover,
the authentication often relies on access to the same
authentication server.  Doesn't sound completely separate
to me!  Why is it good to enforce multiple round trips
to bottleneck systems just to ask the same question
multiple times?  Actually, I know the answer:
"That's just how it's done".  Do you _really_ think
that ought to be good enough?

I think these serialized authentications are a major
impediment to good performance, and that proper design
would maintain robust security while enabling much
better performance.  And, to reiterate, I strongly
disagree that tunnel redirection is fundamentally
required to be separated from establishing access
to the wireless media.

Do you agree that we should give up on single-radio?

What about multi-radio devices with N interfaces?
Should we just run all the network interfaces?
Sounds bad to me.

> Second, I don't think MIPv6 is not deployed
> because it adds a one-off SA setup with the HA.

The above authentications are not "one-off".  They happen
at every new WiFi network, or more generally at every new
point of attachment to a different radio access technology.
I'm fine with setting up an SA with the home agent, but that's
not the problem.

> I wish that was the reason.

Well, in your opinion what _is_ the reason?

Regards,
Charlie P.