RE: [Mip6] comments on draft-le-aaa-mipv6-requirements-03.txt

Giaretta Gerardo <Gerardo.Giaretta@TILAB.COM> Sun, 29 February 2004 11:14 UTC

Date: Sun, 29 Feb 2004 12:09:14 +0100
From: Giaretta Gerardo <Gerardo.Giaretta@TILAB.COM>
Subject: RE: [Mip6] comments on draft-le-aaa-mipv6-requirements-03.txt
To: Jari Arkko <jari.arkko@kolumbus.fi>
Cc: franck.le@nokia.com, mip6@ietf.org

Hi Jari and Franck,

>
> Technically, this is not exactly the case. There is no reason why you'd
> have to bind network access and mobility service together. In fact,
> doing so may limit the deployment of mobility to only those locations
> which offer a sufficiently updated network service, AAA infrastructure,
> and are willing to provide this service.
> 
> Don't get me wrong -- I think AAA support for MIPv6 would be a good
> thing. Just that I think the stated reason is not as you write above.
> I believe the reason has more to do with the ease at which you can
> enroll yourself to a "Mobile IPv6" service. Here AAA can help, in
> different ways, not all necessarily binding access and mobility to
> each other.
> 

This is exactly what I meant to say in my previous post (maybe I was less clear).
I think that network access authorization and "Mobile IPv6 service" authorization should not be bound together; indeed I think it is desirable to authorize the use of "Mobile IPv6" service separately from the network access authorization.

>
> To give you a practical example, the use of EAP authentication is
> currently popular in many planned networks and protocols, such as
> 802.11 or PANA. Now, if your mobile node is doing EAP FOO authentication
> to get access, would we really need anything else than a way to
> do EAP FOO with your home agent as well? Both the access network
> and the home agent could then, independently, contact the user's
> authentication server using AAA protocols such as RADIUS or Diameter.

I think this could be a very good approach... 

> >    The Diameter Mobile IPv6 Application is a new application extension
> 
> Does this mean that a network which currently offers e.g. 802.11i +
> RADIUS + IPv6 would be unable to support Mobile IPv6 until the network
> has been upgraded to use Diameter? I would really like to promote
> Diameter usage, but realistically, I think we need to assume that existing
> AAA networks are used too, and we should try to place as little new
> requirements on them as possible.
> 
> For instance, is there a way where we could accommodate MIPv6 AAA
> requirements without requiring more than RADIUS EAP or Diameter EAP
> support at the AAA infrastructure? Or can we make some parts of the
> AAA exchange optional, so that you get *some* functionality even
> if you just do basic 802.1X + RADIUS.
>

Well, I know we are talking about requirements and not about solutions, but we have proposed (see http://www.ietf.org/internet-drafts/draft-giaretta-mip6-authorization-eap-00.txt) a way to authorize and configure Mobile IPv6 based on EAP. MIPv6 information is carried by EAP-TLV, and for this reason the solution requires only RADIUS EAP or Diameter EAP. Only AAAH - HA communication needs a new Diameter Application. Moreover, this new application could also be avoided if, as you said, we have a way to do EAP between MN and HA.

Regards,

--Gerardo

