Sign in
Version 5.12.0, 2015-02-26
Report a bug

IKEv2 Configuration Payload Extension for Notarizing Femtocell in Mobile Core Network

Document type: Expired Internet-Draft (individual)
Document stream: No stream defined
Last updated: 2012-07-30 (latest revision 2012-01-18)
Intended RFC status: Unknown
Other versions: (expired, archived): plain text, pdf, html

Stream State:No stream defined
Document shepherd: No shepherd assigned

IESG State: Expired
Responsible AD: (None)
Send notices to: No addresses provided

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found here:


IPSec IKEv2, RFC 5996 [RFC5996], has been adopted by many standardized network solutions to provide the secure transport between network elements over third party's infrastructure. Today Femtocell deployment requires the mobile operator's Femtocell AP (FAP) to leverage the IPSec IKEv2 to support mutual authentication and data protection between the insecure Femtocell, which typically deployed in customer's premise, and its corresponding mobile core network. A known security threat exists in Femto architecture for failing to validate the FAP's identity and information provided by FAP at the mobile operator's core network. This document reviews this security threat and proposes a simple extension of the IKEv2 to resolve the issue.


Zaifeng Zong <>

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid)