RE: [SPAM: Sexually Explicit] RE: RADIUS-Mobile IP support??: RAD EXT WG Charter

["Kuntal Chowdhury" <chowdury@nortelnetworks.com>]

I will not loose my peach of mind if people want to spend time on
MIP4-RADIUS work. However, I don't see the need for it. 

If it is so important, then a generic (dynamic) key distribution mechanism
with RADIUS may be of some interest to me.

-Kuntal

>-----Original Message-----
>From: Nakhjiri Madjid-MNAKHJI1 [mailto:Madjid.Nakhjiri@motorola.com] 
>Sent: Thursday, May 20, 2004 9:47 AM
>To: 'Charles E. Perkins'; Chowdhury, Kuntal [RICH1:2H18:EXCH]
>Cc: Lila Madour (QA/EMC); Nakhjiri Madjid-MNAKHJI1; 
>radiusext@ops.ietf.org; Pete McCann; tom.hiller@lucent.com
>Subject: RE: [SPAM: Sexually Explicit] RE: RADIUS-Mobile IP 
>support??: RAD EXT WG Charter
>
>
>Hi Kuntal
>
>I agree what Charlie. The problems of RADIUS supporting Mobile 
>IP extensions and RADIUS hop by hop security are different. 
>Although solutions to both is required for some scenarios, 
>that is not always the case. Lets remember I am not asking 
>radext to solve all MIP security problems (if they exist). 
>If I had issues with security of MIP, I would go to MIP 
>mailing list, not this list. And for folks interested in those 
>issues, please lets meet over at MIP list! 
>I am saying MIPv4 and its key mgmt drafts as protocols being 
>standardized by IETF need support for RADIUS, which also is an 
>IETF protocol.  For folks that argue 3GPP2 has done it this 
>way or the other, I should say: 
>The interoperability problems for IETF protocols "Must" be 
>resolved in IETF, not in other SDOs. What would you tell IEEE 
>folks, or APCO folks? Please go to 3GPP32 for the second half 
>of the solution?
>
>IETF AAA community has acknowledged RADIUS problems and solved 
>many of those in Diameter, but Diameter has a small deployment 
>base, please show me a Diameter vendor that supports all IETF 
>specs and I may just go buy from them. 
>The problem is people are stuck with RADIUS for a while and if 
>you are using Mobile IP, problems needs to be solved.
>
>I can understand the group might be having a pressing charter, 
>but I don't buy the argument of "there is no need because 
>3GPP2 has done it since 2000". Technology grows!
>
>Regards,
>
>Madjid
>
>
>-----Original Message-----
>From: Charles E. Perkins [mailto:charliep@iprg.nokia.com]
>Sent: Wednesday, May 19, 2004 7:50 PM
>To: Kuntal Chowdhury
>Cc: Lila Madour (QA/EMC); Nakhjiri Madjid-MNAKHJI1; 
>radiusext@ops.ietf.org; Pete McCann; tom.hiller@lucent.com
>Subject: Re: [SPAM: Sexually Explicit] RE: RADIUS-Mobile IP 
>support??: RADEXT WG Charter
>
>
>Hello Kuntal,
>
>> Kuntal Chowdhury wrote:
>>
>>We cannot assume that the HA and the HAAA server SHALL always 
>be in the 
>>same administrative domain.
>>
>That means another solution is required for expanded 
>applicability. It doesn't mean that the offered solution is 
>inappropriate for its domain of applicability.
>
>> Moreover, for RADIUS, every proxy in the PATH will
>>see the MN-HA shared secret.
>>  
>>
>Well, since the secret didn't exist at all anyway until the 
>AAAH created it, I don't see the big deal here. If there is 
>some worry, then:
>(a) use a shorter lifetime and/or
>(b) use another key when moving to another domain
>
>>Again, this issue should be discussed with security area folks.
>>  
>>
>They've looked at it pretty close a few dozen
>times by now I reckon.
>
>Regards,
>Charlie P.
>

--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>