[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: WG next steps

To: "Hesham Soliman (EAB)" <hesham.soliman@era.ericsson.se>
Subject: RE: WG next steps
From: Peter Tattam <peter@jazz-1.trumpet.com.au>
Date: Fri, 15 Nov 2002 11:21:39 +1100 (EST)
Cc: Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp>, Tony Li <Tony.Li@procket.com>, Michel Py <michel@arneill-py.sacramento.ca.us>, Shane Kerr <shane@ripe.net>, Brian Carpenter <brian@hursley.ibm.com>, multi6@ops.ietf.org
In-reply-to: <4DA6EA82906FD511BE2F00508BCF0538044F0D08@Esealnt861.al.sw.ericsson.se>

On Fri, 15 Nov 2002, Hesham Soliman (EAB) wrote:

> 
> 
>   > This is intuitively correct, but I have a hunch that 
>   > pushing the intellegence
>   > into the end points raises a whole bunch of security 
>   > problems.  Traditionally
>   > we believe routers have been secure (this may not be case 
>   > in reality), and this
>   > has been the motivation to find a solution that does not 
>   > entail end point
>   > intelligence to solve the MH problem.
> 
> => I don't think pushing the intelligence to the 
> end points will introduce additional security threats
> to those introduced by allowing routers to do the job. 
> The problem is the same: change address from A to B.
> Solving it using routers or end hosts will not change the
> problem (ok PI is a different case). 
> 
> The obvious reason for doing it in end hosts is scalability. 
> Another advantage with using the end host is that the
> security issues are well understood, for example if 
> MIPv6 is used, we will have a pretty good idea of the 
> level of security required to do the job.

I will repeat what I said before that I think that any solution that involves
crypto of any kind needs to be carefully thought through from the point of view
of CPU resources on end hosts.  While the traditional mobile host end points
probably don't care too much, for a general solution that would involve large
servers with thousands of connections, the MH solution must be low cost in such
an environment.

The edge router solution is not a complete solution either as has been alluded
to.  There will be instances where an end host may be connected to two paths,
neither knowing much about each other (e.g. cable, dsl and modem in a home
network).

Sounds to me like the only solution that will fly will be an E2E solution.

> 
> Hesham
> 
> 

Peter

--
Peter R. Tattam                            peter@trumpet.com
Managing Director,    Trumpet Software International Pty Ltd
Hobart, Australia,  Ph. +61-3-6245-0220,  Fax +61-3-62450210

Follow-Ups:
- Re: WG next steps
  - From: Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp>

References:
- RE: WG next steps
  - From: "Hesham Soliman (EAB)" <hesham.soliman@era.ericsson.se>

Prev by Date: RE: WG next steps
Next by Date: RE: WG next steps
Previous by thread: RE: WG next steps
Next by thread: Re: WG next steps
Index(es):
- Date
- Thread