Hi

This is about my presentation from the IPsecME meeting today (which for some 
reason is not on the website).

Anyways, RFC 5266 mentions that "RFC 4306 must be updated to carry ERP 
messages". This caused some controversy a year ago, but regardless, I did think 
of a use case, so I partnered with Qin Wu and wrote the draft.

The use case is being able to seamlessly move between two networks where network 
access is granted or denied based on EAP. Examples are 802.1x and IKEv2. IEEE 
has already revised 802.1x so that moving between two 802.1x access points can 
use ERP to be seamless, but IKEv2 has not. A mobile device could use 802.1x 
within the corporate network and move to IPsec as soon as it leaves the 
building. MCR has called this the "Elvis" use case, but it actually should work 
seamlessly in the other direction, when the mobile node enters the building, 
detects the 802.1x network, establishes an association, and deletes the 
no-longer-needed IKE and child SAs.

My first priority is for this to become a WG item. It probably needs some work, 
and there is an open question about whether there is any use case for multiple 
AAA domains.

If not, I'm also fine with taking this directly to Sean.

Yoav
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec