<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="COLOR: red; FONT-FAMILY: Arial">I have added and changed some words. See "add" and "change".</span></div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="COLOR: red; FONT-FAMILY: Arial"></span> </div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="COLOR: red; FONT-FAMILY: Arial">Thanks </span></div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="COLOR: red; FONT-FAMILY: Arial">Zhen</span></div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="COLOR: red; FONT-FAMILY: Arial"></span> </div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="COLOR: red; FONT-FAMILY: Arial">Thanks for reading our draft and providing valuable feedback.</span></div>
<p class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="FONT-FAMILY: Arial"> </span></p>
<p class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="FONT-FAMILY: Arial">I've read the I-D draft-deng-mipshop-hmip-hhokey-00.txt. Here is my<br>feedback.<br><br>Overall, I'm not sure we are talking about the same problem space. For
<br>example, sending keys to AR does not appear relevant to me if we are talking<br>about HMIP security.</span></p>
<p class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="FONT-FAMILY: Arial"> </span></p>
<p class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="COLOR: red; FONT-FAMILY: Arial"><font color="#000000">Yes, we are not talking about the same problem space. What we want to do is put some insight on the handover problem in the scenario of MIP, since a new working group has been chartered in the security area, there should be some place to discuss the applicability of their mechanisms.
</font> <br></span><span lang="EN-US" style="FONT-FAMILY: Arial"><br>There are many "keys" being passed around. But there are not enough details<br>to know what those keys are used for, let alone the formula to compute the
<br>keys.<br><br>There appears to be dependency on yet-to-be-designed protocols.<br style="mso-special-character: line-break"><br style="mso-special-character: line-break"><span style="COLOR: red"></span></span></p>
<p class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="COLOR: red; FONT-FAMILY: Arial"> </span></p>
<p class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="COLOR: red; FONT-FAMILY: Arial">Yes, we will add some details of our mechanism if the experts in this WG feel that the handover key is really a problem in mipshop.
</span></p>
<p class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="COLOR: red; FONT-FAMILY: Arial"> </span></p>
<p class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="COLOR: red; FONT-FAMILY: Arial">Add: <span style="mso-spacerun: yes"> </span>Yes, many keys are used in our draft without detailed definition because we assume the readers are familiar with the handover key ps draft (draft-nakhjiri-aaa-hokey-ps-03)
</span></p>
<p class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="FONT-FAMILY: Arial"><br>See below for more details.<br><br><br style="mso-special-character: line-break"><br style="mso-special-character: line-break">
</span></p>
<p class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="FONT-FAMILY: Arial"> </span></p>
<p class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="FONT-FAMILY: Arial">The handover within one MAP is described in Figure 1. The MN was<br> originally authenticated to AR1 with a full EAP exchange. Then the
<br> AAA server pushes the corresponding key to the MAP.<br><br>What's that "corresponding key?" MAP is not on-path with the AAA signaling.<br>Therefore, there needs to be additional protocol design to accommodate such
<br>an operation. This has impact on RADIUS/Diameter.</span></p>
<p class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="FONT-FAMILY: Arial"> </span></p>
<p class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="COLOR: red; FONT-FAMILY: Arial">Add: The corresponding key refers to the key delivered from the AAA to the MAP (ADMSK in draft-nakhjiri-aaa-hokey-ps-03).
</span></p>
<p class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="COLOR: red; FONT-FAMILY: Arial"> </span></p>
<p class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="COLOR: red; FONT-FAMILY: Arial">We put some considerations in section 4. When the MAP is off-path with respect to EAP signaling, there needs to be additional protocol.
</span><span lang="EN-US" style="FONT-FAMILY: Arial"><br><br><br> According to its<br> configuration, the MAP pushes the keys to the ARs within its<br> administrative domain.<br><br>What are those keys? What are they used for? In the context of "HMIP6" where
<br>MAP is not on the AR, why do we need to deal with any keys going to the ARs?<br style="mso-special-character: line-break"><br style="mso-special-character: line-break"></span></p>
<p class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="COLOR: red; FONT-FAMILY: Arial">Change: The MAP pushes the master keys (LSAP_MK) for the ARs, so that the MN can authenticate to the AR when it moves to the target AR.
</span></p>
<p class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="FONT-FAMILY: Arial"><br> When the MN attaches to another AR (e.g. AR2<br> in Figure 1), the MN and AR2 assert their knowledge of the<br> corresponding LSAP_MK by exchanges of the Secure Association Protocol
<br> (SAP), after which they arrive at the consensus of the LSK.<br><br>What's LSAP_MK, LSK? Are they really relevant to "HMIP6 security?"</span></p>
<p class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="FONT-FAMILY: Arial"><font color="#000000"> </font></span></p>
<p class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="COLOR: red; FONT-FAMILY: Arial"><font color="#000000">They are terms in the handover key hierarchy (draft-nakhjiri-aaa-hokey-ps-03). LSAP_MK is short for Link Secure Associate Protocol Master Key, and LSK is short for Link Session Key. They are used to authenticate the MN to the AR in a security association protocol. Actually they are not relevant to HMIPv6 security now, but may be in the future.
</font> </span></p>
<p class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="FONT-FAMILY: Arial"> </span></p>
<p class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-US" style="FONT-FAMILY: Arial"><br>So, this scheme relies on Ho* messages. Where are they defined?<br><span style="COLOR: red">We will define them in a later version of this draft.
</span><br><br><br>Alper</span></p>