Thread Links Date Links
Thread Prev Thread Next Thread Index Date Prev Date Next Date Index

RE: [802.21] Security SG: Scope issues



Hi Yoshi, sorry for the delayed response. It's been a very busy Christmas weekend.

What I mean is that the MIH service should be able to trigger pre-authentication for network access at both layer 2 and layer 3. The whole point of pre-authentication is for seamless roaming, and it would not be seamless if the user/device still needs to do full authentication at one of the layers. 

Regards,
Ron


> -----Original Message-----
> From: Yoshihiro Ohba [mailto:yohba@tari.toshiba.com]
> Sent: Friday, December 14, 2007 3:43 PM
> To: Pon, Ron (CAR:0S03)
> Cc: STDS-802-21@LISTSERV.IEEE.ORG
> Subject: Re: [802.21] Security SG: Scope issues
> 
> Hi Ron,
> 
> Can you elaborate on the concept of "an integrated or common
> pre-authentication mechanism for both layer 2 and layer 3 network
> access"?
> 
> Yoshihiro Ohba
> 
> On Fri, Dec 14, 2007 at 03:19:16PM -0500, Ron Pon wrote:
> > Pre-authentication does not have much value if it can not provide full
> network access. 802.16 and most cellular networks use Mobile IP for layer
> 3 mobility. An integrated or common pre-authentication mechanism for both
> layer 2 and layer 3 network access is required for seamless roaming.
> >
> > Regards,
> > Ron
> >
> > > -----Original Message-----
> > > From: Yoshihiro Ohba [mailto:yohba@TARI.TOSHIBA.COM]
> > > Sent: Wednesday, December 12, 2007 1:43 PM
> > > To: STDS-802-21@LISTSERV.IEEE.ORG
> > > Subject: Re: [802.21] Security SG: Scope issues
> > >
> > > On Wed, Dec 12, 2007 at 11:55:41AM -0500, Ron Pon wrote:
> > > > I have a related scope question. Does the definition of "Handover"
> here
> > > restricted to layer 2 mobility or does it also include layer 3? Do we
> need
> > > to consider Mobile IP or IPsec gateways?
> > >
> > > It's related to optimizing signaling for network access authentication
> > > required for handover to a target technology.  IMO, security signaling
> > > optimization for Mobile IP or IPsec gateways should be out of scope
> > > (if needed, it should be done in IETF).
> > >
> > > Regards,
> > > Yoshihiro Ohba
> >
> >