Certificate-Based roaming

Document Type Expired Internet-Draft (roamops WG)
Author Bernard Aboba 
Last updated 1999-04-01
Stream Internet Engineering Task Force (IETF)
Intended RFC status (None)
Expired & archived
plain text pdf htmlized bibtex
Stream WG state WG Document
Document shepherd No shepherd assigned
IESG IESG state Expired
Consensus Boilerplate Unknown
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


To date, roaming implementations have been based on the concept of proxy chaining, where packets are routed between the NAS and home server through a series of proxies. While commonly used, proxy chaining introduces difficult security problems that have prevented its implementation on a wide scale. This document describes a new approach to roaming based on certificates that eliminates the need for proxy chaining. As described, this approach provides improved security as well as scalability.


Bernard Aboba (Bernard_Aboba@hotmail.com)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)