During the last 3GPP SA3 meeting, such requirement about HNB has also been approved as well.
thanks -Hui 2009/12/1 Yoav Nir <y...@checkpoint.com>: > There were several motivations listed for childless IKE SAs. > - remote access, where you create an IKE SA when the user wants to connect, > and only create child SAs in response to traffic > - authentication only over a physically secure network (not necessarily EAP, > but I think this is the use case you referred to) > - Location awareness (as in the SecureBeacon draft) > - Some "weird" uses such as liveness checks without IPsec, NAT detection, > etc. > > > On Dec 1, 2009, at 2:29 PM, Alper Yegin wrote: > >> One of the (or main?) motivations of this proposal is to turn IKEv2 into >> "EAP-based network access authentication protocol". RFC 5191 is designed >> for that purpose, and I'm not sure if we need to twist a protocol for the >> same purpose. >> >> >> >>> -----Original Message----- >>> From: ipsec-boun...@ietf.org [mailto:ipsec-boun...@ietf.org] On Behalf >>> Of Yaron Sheffer >>> Sent: Sunday, November 29, 2009 7:21 PM >>> To: ipsec@ietf.org >>> Subject: [IPsec] Proposed work item: Childless IKE SA >>> >>> This draft proposes an IKEv2 extension to allow the setup of an IKE SA >>> with no Child SA, a situation which is currently disallowed by the >>> protocol. >>> >>> Proposed starting point: http://tools.ietf.org/id/draft-nir-ipsecme- >>> childless-01.txt. >>> >>> Please reply to the list: >>> >>> - If this proposal is accepted as a WG work item, are you committing to >>> review multiple versions of the draft? >>> - Are you willing to contribute text to the draft? >>> - Would you like to co-author it? >>> >>> Please also reply to the list if: >>> >>> - You believe this is NOT a reasonable activity for the WG to spend >>> time on. >>> >>> If this is the case, please explain your position. Do not explore the >>> fine technical details (which will change anyway, once the WG gets hold >>> of the draft); instead explain why this is uninteresting for the WG or >>> for the industry at large. Also, please mark the title clearly (e.g. >>> "DES40-export in IPsec - NO!"). >>> _______________________________________________ >>> IPsec mailing list >>> IPsec@ietf.org >>> https://www.ietf.org/mailman/listinfo/ipsec >> >> _______________________________________________ >> IPsec mailing list >> IPsec@ietf.org >> https://www.ietf.org/mailman/listinfo/ipsec >> >> Scanned by Check Point Total Security Gateway. > > _______________________________________________ > IPsec mailing list > IPsec@ietf.org > https://www.ietf.org/mailman/listinfo/ipsec > _______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec