{"draft":"draft-ietf-mipshop-handover-key-03","doc_id":"RFC5269","title":"Distributing a Symmetric Fast Mobile IPv6 (FMIPv6) Handover Key Using SEcure Neighbor Discovery (SEND)","authors":["J. Kempf","R. Koodli"],"format":["ASCII","HTML"],"page_count":"14","pub_status":"PROPOSED STANDARD","status":"PROPOSED STANDARD","source":"Mobility for IP: Performance, Signaling and Handoff Optimization","abstract":"Fast Mobile IPv6 requires that a Fast Binding Update is secured\r\nusing a security association shared between an Access Router and a\r\nMobile Node in order to avoid certain attacks.  In this document, a\r\nmethod for provisioning a shared key from the Access Router to the\r\nMobile Node is defined to protect this signaling.  The Mobile Node\r\ngenerates a public\/private key pair using the same public key\r\nalgorithm as for SEND (RFC 3971).  The Mobile Node sends the public\r\nkey to the Access Router.  The Access Router encrypts a shared\r\nhandover key using the public key and sends it back to the Mobile\r\nNode.  The Mobile Node decrypts the shared handover key using the\r\nmatching private key, and the handover key is then available for\r\ngenerating an authenticator on a Fast Binding Update.  The Mobile\r\nNode and Access Router use the Router Solicitation for Proxy\r\nAdvertisement and Proxy Router Advertisement from Fast Mobile IPv6\r\nfor the key exchange.  The key exchange messages are required to\r\nhave SEND security; that is, the source address is a\r\nCryptographically Generated Address (CGA) and the messages are signed\r\nusing the CGA private key of the sending node.  This allows the\r\nAccess Router, prior to providing the shared handover key, to\r\nverify the authorization of the Mobile Node to claim the address\r\nso that the previous care-of CGA in the Fast Binding Update can\r\nact as the name of the key.  [STANDARDS-TRACK]","pub_date":"June 2008","keywords":["[--------]","fast binding update"],"obsoletes":[],"obsoleted_by":[],"updates":[],"updated_by":[],"see_also":[],"doi":"10.17487\/RFC5269","errata_url":null}