IKEv2 Mobility and Multihoming BOF (mobike) Tuesday, November 11 at 1700-1800 ================================= CHAIRS: Jari Arkko Tero Kivinen AGENDA: Agenda Bashing 5 min Introduction to the topic 10 min Proposals - Explicit address update 10 min - Multihoming support 10 min Discussion 25 min DESCRIPTION: There has been some interest in the IPsec working group to add features to IKEv2 to support mobility, and multihoming. The IPsec working group decided that those issues are not included as part of the current IKEv2 core protocol, but instead they are handled in separate documents and/or working group. The mobility features are need to support Mobile IP efficiently, and are also used in the cases where devices perform roaming (move around and the IP address changes), and they do want to keep the existing IKE and IPsec SAs in place even when the IP address changes without full rekeying. The features needed include way to update the IKEv2 SA and IPsec SA endpoint addresses without need of the rekeying the SAs, and also authenticating those changes (return routability or similar). Another feature needed is to support multihoming and support having multiple IP addresses tied to one IKEv2 SA and IPsec SA. This support is needed by routers having multiple interfaces, when using SCTP, and in cases where for example mobile device might have multiple different connections to the internet (i.e for example WLAN and GPRS). Some way to authenticate those multiple IP address is also needed. The MOBIKE working groups goal is to produce one or two standard track documents extending IKEv2 protocol to support those features. -- kivinen@ssh.fi SSH Communications Security http://www.ssh.fi/ SSH IPSEC Toolkit http://www.ssh.fi/ipsec/