The Handover Keying (HOKEY) Working Group seeks to minimize handover
delay due to authentication when a peer moves from one point of
attachment to another. Work has been progressed on two different
approaches to reduce handover delay: early authentication (so that
authentication does not need to be performed during handover), and
reuse of cryptographic material generated during an initial
authentication to save time during re-authentication. A starting
assumption is that the mobile host or "peer" is initially
authenticated using the Extensible Authentication Protocol (EAP),
executed between the peer and an EAP server as defined in RFC 3748.
This document specifies the HOKEY architecture. Specifically, it
describes design objectives, the functional environment within which
handover keying operates, the functions to be performed by the HOKEY
architecture itself, and the assignment of those functions to
architectural components. It goes on to illustrate the operation of
the architecture within various deployment scenarios that are
described more fully in other documents produced by the HOKEY Working
Working Group Summary
The document is a product of the Hokey working group. The document has
working group consensus.
The document provides the guideline for implementors to use different functions, components and protocol
summarized in this document to adapt to different usage scenarios
and situations and is therefore not subject to implementation.
Also this document has gotten sufficient review from people with both
OPS and Security background. The quality of the document is good.
Tina Tsou is the document shepherd
Stephen Farrell is the responsible AD.