Francis Dupont | 5 Feb 2006 22:40

Re: does mobike support end-to-end use of tunnel mode?

 In your previous mail you wrote:

   > Well... if you have host-to-host tunnel mode IPsec working in a 
   > secure manner, MOBIKE could work as well. But this situation 
   > is pretty rare.

   Clarifying question: for this case are you assuming that the inner and 
   outer IP addresses for the tunnel must be different?

=> they may be different only. To use the two-space system terms,
the inner address is an identifier and the outer is a locator.
MOBIKE can only change the outer address because the inner one is
a traffic selector. BTW MOBIKE can be extended to transport mode
when handoffs don't imply a traffic selector change (I know at least
two common cases of this).
To come back to authorization: IPsec assumes an authorization about
the content of traffic selectors, so about inner addresses. It is
used in the MIPv6/NEMO context.

Regards

Francis.Dupont <at> point6.net

PS: I'll see further messages of this thread.
