Re: Multihoming by IP Layer Address Rewriting (MILAR)



At 20:57 03/09/01, Ramakrishna Gummadi wrote:
>>         So we don't have a security architecture or a security technology
>> problem [1] today in this regard.
>
>But my concern is that without a scalable key distribution and revocation
>mechanism, wouldn't we be converting the problem of scalable routing into
>scalable security?

        IKE works fine for now and can provide scalable key distribution.
Key revocation is a concept that applies to certificates, not really 
to session keys used with ESP/AH.  In short, we have technology today 
that suffices.  IKE could be better, but what we have is sufficient 
for now (until replaced with something else).

        Again, we do NOT have a security architecture or
a security technology problem today that prevents address
re-writing from being considered here.

Ran
rja@inet.org