Re: Authentication Mechanism Matrix (was L2TP vs IPSEC)



> That part you're right about, although I've heard rumblings in the AAA group
> for distributing keys in some fashion already. I was more than surprised when
> I heard this, and asked someone: "So what are you planning on using to
> distribute these keys?" I know RADIUS won't do it. The RADIUS group would
> have a cow. Maybe Diameter. Maybe a new protocol, I was told.

Actually, all that the AAA WG signed up for was to provide end-to-end
security for attributes, so that it would be possible for them to pass 
through untrusted proxies while remaining confidential, or avoiding 
tampering. The exact nature or determination of those attributes (which 
could be anything, including keys) is outside the scope of AAA, but 
presumably relevant to the services that will utilize it (such as Mobile IP
or IPSRA). Thus, key management is not within the scope of the AAA
protocol.