[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: WG next steps

To: Peter Tattam <peter@jazz-1.trumpet.com.au>
Subject: Re: WG next steps
From: Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp>
Date: Fri, 15 Nov 2002 10:13:05 +0859 ()
Cc: "Hesham Soliman (EAB)" <hesham.soliman@era.ericsson.se>, Tony Li <Tony.Li@procket.com>, Michel Py <michel@arneill-py.sacramento.ca.us>, Shane Kerr <shane@ripe.net>, Brian Carpenter <brian@hursley.ibm.com>, multi6@ops.ietf.org
In-reply-to: <Pine.BSF.3.96.1021115111519.21572L-100000@jazz-1.trumpet.com.au>from Peter Tattam at "Nov 15, 2002 11:21:39 am"

Peter;

> >   > This is intuitively correct, but I have a hunch that 
> >   > pushing the intellegence
> >   > into the end points raises a whole bunch of security 
> >   > problems.  Traditionally
> >   > we believe routers have been secure (this may not be case 
> >   > in reality), and this
> >   > has been the motivation to find a solution that does not 
> >   > entail end point
> >   > intelligence to solve the MH problem.

I have never seen any router based solution claiming better security
than host based ones.

Are there really any?

> I will repeat what I said before that I think that any solution that involves
> crypto of any kind needs to be carefully thought through from the point of view
> of CPU resources on end hosts.  While the traditional mobile host end points
> probably don't care too much, for a general solution that would involve large
> servers with thousands of connections, the MH solution must be low cost in such
> an environment.

Combination of cookies, a hash function and reverse/forward DNS
is just fine to make mobile and multihomed hosts weakly secure.

							Masataka Ohta

References:
- RE: WG next steps
  - From: Peter Tattam <peter@jazz-1.trumpet.com.au>

Prev by Date: Re: WG next steps
Next by Date: Re: WG next steps
Previous by thread: RE: WG next steps
Next by thread: RE: WG next steps
Index(es):
- Date
- Thread