IKEv2 Mobility and Multihoming BOF (mobike)
Tuesday, November 11 at 1700-1800
=================================
CHAIRS: Jari Arkko
        Tero Kivinen
AGENDA:
Agenda Bashing 5 min
Introduction to the topic 10 min
Proposals
- Explicit address update 10 min
- Multihoming support 10 min
Discussion 25 min
DESCRIPTION:
There has been some interest in the IPsec working group in adding
features to IKEv2 to support mobility and multihoming. The IPsec
working group decided that those issues are not included as part of
the current IKEv2 core protocol, but instead are handled in
separate documents and/or a separate working group.
The mobility features are needed to support Mobile IP efficiently, and
are also used in cases where devices roam (move around so that the IP
address changes) and want to keep the existing IKE and IPsec SAs in
place, without full rekeying, even when the IP address changes.
The features needed include a way to update the IKEv2 SA and IPsec SA
endpoint addresses without rekeying the SAs, and a way to
authenticate those changes (return routability or similar).
Another feature needed is support for multihoming, that is, having
multiple IP addresses tied to one IKEv2 SA and IPsec SA. This support
is needed by routers having multiple interfaces, when using SCTP, and
in cases where, for example, a mobile device might have multiple
different connections to the Internet (e.g. WLAN and GPRS). Some way
to authenticate those multiple IP addresses is also needed.
The MOBIKE working group's goal is to produce one or two standards track
documents extending the IKEv2 protocol to support those features.
--
SSH Communications Security
http://www.ssh.fi/
SSH IPSEC Toolkit
http://www.ssh.fi/ipsec/