RE: question on IKE between HA & FA in 3GPP standard...
Steve,
Our implementation currently supports signatures.
But this standard for Mobile IP requires that the IKE between
the Home Agent & Foreign agent use "revised public key encryption" scheme
when public key authentication is used.
I want to know if anybody else has read this standard and if my
understanding of the text is correct.
Suresh
# -----Original Message-----
# From: Stephen Kent [mailto:kent@bbn.com]
# Sent: Thursday, December 05, 2002 11:13 AM
# To: Suresh Iyer
# Cc: ipsec@lists.tislabs.com
# Subject: Re: question on IKE between HA & FA in 3GPP standard...
#
#
# At 10:29 AM -0500 12/5/02, Suresh Iyer wrote:
# >Hi,
# > I am trying to identify the requirements for IKE between Foreign
# >Agent & Home Agent.
# >In the Annex A to the 3GPP2 Wireless IP network standard,
# >3GPP2 P.S0001-B, it is specified that
# >aggressive mode be used with preshared keys and main mode be used with
# >Certificate authentication.
# >
# >It also specifies that "Signature payload" will not be sent by PDSN (FA) and
# >HA.
# >
# >Does this mean that the certificate authentication is to be done with
# >"public key encryption" and not "signatures"?
# >
#
# I'm not familiar with the 3GPP2 spec you cite above, but in general I
# advise against using the encryption (vs. signature) option in IKE v1.
# Note that in IKE v2 we have cleanly separated the key generation and
# authentication features of the protocol, using public keys from certs
# only for signatures. I also think that in practice IKE v1
# implementations usually opt for the signature (vs. encryption)
# approach to authentication when public keys are employed.
#
# Steve
#