MPA using IKEv2 and MOBIKE
draft-yacine-preauth-ipsec-01
| Document | Type |
Expired Internet-Draft
(individual)
Expired & archived
|
|
|---|---|---|---|
| Author | Yacine El Mghazli | ||
| Last updated | 2006-06-23 | ||
| RFC stream | (None) | ||
| Intended RFC status | (None) | ||
| Formats | |||
| Stream | Stream state | (No stream defined) | |
| Consensus boilerplate | Unknown | ||
| RFC Editor Note | (None) | ||
| IESG | IESG state | Expired | |
| Telechat date | (None) | ||
| Responsible AD | (None) | ||
| Send notices to | (None) |
This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:
Abstract
This document describes how to achieve media-independent pre- authentication (MPA) in the context of network accesses protected by IPsec. In such environments, access is protected by an IPsec tunnel mode security association (SA) established between a client of the network and an access gateway. This SA normally needs to be established by running an IKE exchange between the two SA endpoints. The duration of this IKE exchange make it impractical to use when the node is mobile and frequently change either its location or its access gateway during a handover. In most case it is expected that real time traffic will be impacted by the handover. This note describes a method that alleviate this issue by leveraging on the IKEv2 Mobility and Multihoming Protocol (MOBIKE). The described method supresses the need to run a full IKE exchange after each handover, thereby greatly reducing the impacts of handovers on real- time traffic.
Authors
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)