
kickstart and SSPP



Hi,

First one question for the public and then a few for the authors
of kickstart draft.

General question first: why did RADIUS mandate the use
of the source IP address from the UDP packet as a way of shared
secret lookup in the first place? Can't that requirement
be changed? Seems like a solution of comparable complexity, no?
This proposal is creating new messages (access boot, access booted)
already (if I understand it correctly) and that is a comparable
change...

Second, why SSPP and not IKE? I am not a cryptographer, but from
what I can see there are several round trips involved here and 
then SSPP throws the confusing SSPP client=RADIUS server... thing
in there and there are plenty of computations.
Also, I know I need to read the SSPP and kickstart drafts one more
time to understand the issues, but according to the author it does not
prevent the case where there can be a wireless and unprotected route between
client and server. Doesn't IKE provision for this?

It seems like there was a BoF in Minneapolis on IKEv2 for Mobile IP;
seems like that work would be more generic.

I am sorry if I am blunt, I just heard my 11-month old daughter has
started walking so I am rushing home to see it:)

Thanks and Regards,

Madjid

--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>