Distributing a Symmetric FMIPv6 Handover Key using SEND

Document Type Replaced Internet-Draft (individual)
Authors James Kempf  , Rajeev Koodli 
Last updated 2008-03-03 (latest revision 2006-05-30)
Replaced by RFC 5269
Stream (None)
Intended RFC status (None)
Expired & archived
pdf htmlized bibtex
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Replaced by draft-ietf-mipshop-handover-key
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


Fast Mobile IPv6 requires that a Fast Binding Update is secured using a security association shared between an Access Router and a Mobile Node in order to avoid certain attacks. In this document, a method for distributing a shared key to secure this signaling is defined. The method utilizes the RSA public key that the Mobile Node used to generate its Cryptographically Generated Address in SEND. The RSA public key is used to encrypt a shared key sent from the Access Router to the Mobile Node prior to handover. The ability of the Mobile Node to decrypt the shared key verifies its possession of the private key corresponding to the CGA public key used to generate the address. This allows the Mobile Node to use the shared key to sign and authorize the routing changes triggered by the Fast Binding Update.


James Kempf (kempf@docomolabs-usa.com)
Rajeev Koodli (Rajeev.Koodli@gmail.com)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)