[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: 64-bit identifiers

To: Francis Dupont <Francis.Dupont@enst-bretagne.fr>
Subject: Re: 64-bit identifiers
From: Shane Kerr <shane@ripe.net>
Date: Wed, 15 Aug 2001 17:32:30 +0200
Cc: multi6@ops.ietf.org
User-Agent: Mutt/1.2.5i

On 2001-08-15 17:17:38 +0200, Francis Dupont wrote:
>    
> => low overhead (i.e. BAKE, SUCV) proposals won't apply (no home
> agent), higher overhead (i.e. IKE, HIP) proposals provide the required
> security level but rely on a global PKI... I really don't know what is
> the worst: to accept MITM attacks or to wait for DNSSEC?

MITM seems like a problem that multi6 doesn't have to solve.  If a
"gang-of-IP's" protocol is used, as long as it doesn't preclude host
authentication for users/admins/hosts/protocols that care about it, then
solving the problems of redundacy and load sharing seem like the thing
to worry about.

I think most businesses today would be happy with an anonymous
end-to-end connection since they rely on web certs for their only
authentication in the current Internet.  I'm not saying this is a good
thing, but again, not one that multi6 needs to address.

-- 
Shane

Prev by Date: Re: 64-bit identifiers
Next by Date: Re: 64-bit identifiers
Prev by thread: Re: 64-bit identifiers
Next by thread: Re: 64-bit identifiers
Index(es):
- Date
- Thread