Re: [MEXT] Well-known problem with authentication/etc. in wirelessnetworks

Hello Alper,

Here is a diagram that might help.

AS == Authentication server  (AAA server)
AR == AAA relay
EA == EAP authenticator
UE == User Equipment == mobile node
                      == access terminal == ...

Then,

UE --- EA --- AS         is a schematic diagram for 802.1x

We can have AAA relays:

UE --- EA --- AR --- AS

I can't think of any reason not to allow
HA as AR in this protocol exchange.  And
then as part of the protocol operation the
home agent should be very simply able to
update its binding cache.

But this is just one example, using 802.1x.
Of course others are possible and important
in various circumstances.  Why aren't we
there in all of those circumstances?

In the above diagram, we might also design EAP
signaling for mutual authentication in a single
round trip.  Why not?  If EAP is the magic
incantation that makes operators comfortable,
why not use it?

Regards,
Charlie P.

On 8/25/2011 1:48 AM, Alper Yegin wrote:
> Hi Charlie,
>
> On Aug 24, 2011, at 10:06 PM, Charles E. Perkins wrote:
>
>> If the Home Agent were recognized as a robust security
>> appliance, then it could naturally sit on the network
>> boundary as an IP-addressable device. Mobile IP
>> authentication could become the primary means of
>> validating user access, instead of an afterthought
>> to enable IP-address preservation after all the heavy
>> lifting has been done a lower levels.
>
> Do you mean using Mobile IP protocol for (local area) network access
> authentication? Or, something else?
>
> Alper
>
>
>
>
> _______________________________________________
> MEXT mailing list
> MEXT@ietf.org
> https://www.ietf.org/mailman/listinfo/mext