Handover Keying (HOKEY) Architecture Design

Document Type: Replaced Internet-Draft (individual)
Last updated: 2010-11-29 (latest revision 2010-07-12)
Replaced by: draft-ietf-hokey-arch-design
Stream: (None)
Intended RFC status: (None)
Expired & archived
Stream
  Stream state: (No stream defined)
  Document shepherd: No shepherd assigned
IESG
  IESG state: Replaced by draft-ietf-hokey-arch-design
  Telechat date:
  Responsible AD: (None)
  Send notices to: (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


The Handover Keying (HOKEY) Working Group seeks to minimize handover delay due to authentication when a peer moves from one point of attachment to another. Work has progressed on two different approaches to reduce handover delay: early authentication (so that authentication does not need to be performed during handover), and reuse of cryptographic material generated during an initial authentication to save time during re-authentication. A starting assumption is that the mobile host or "peer" is initially authenticated using the Extensible Authentication Protocol (EAP), executed between the peer and an EAP server as defined in RFC 3748. This document documents the HOKEY architecture. Specifically, it describes design objectives, the functional environment within which handover keying operates, the functions to be performed by the HOKEY architecture itself, and the assignment of those functions to architectural components. It goes on to illustrate the operation of the architecture within various deployment scenarios that are described more fully in other documents produced by the HOKEY Working Group.


Katrin Hoeper (khoeper@motorola.com)
Sebastien Decugis (sdecugis@nict.go.jp)
Glen Zorn (gwz@net-zen.net)
Wenson Wu (sunseawq@huawei.com)
Tom Taylor (tom.taylor.stds@gmail.com)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)