[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: GSE

To: RJ Atkinson <rja@extremenetworks.com>
Subject: Re: GSE
From: Pekka Nikander <pekka.nikander@nomadiclab.com>
Date: Sat, 22 Feb 2003 20:35:52 +0200
Cc: Erik Nordmark <Erik.Nordmark@sun.com>, multi6@ops.ietf.org
In-reply-to: <AB92ADE2-45C7-11D7-A186-00039357A82A@extremenetworks.com>
References: <AB92ADE2-45C7-11D7-A186-00039357A82A@extremenetworks.com>
User-agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.3b) Gecko/20030220

RJ Atkinson wrote:

Note that the security issues due to the relaxation can be solved
by stuff like HIP.

See smb's comments at www.research.att.com, URL posted by someone else
a few days back.  HIP has no special magic in this regard.

HIP has no special magic, I agree.  It just uses public keys
as primary identifiers.  That is pretty similar to what SSH
does today.  HIP has both an opportunistic mode, more or less
similar to the way SSH hosts learn the keys of the other hosts,
and a DNS(sec) based mode where you learn the public key of
the intended recipient form the DNS.  That latter comes, of
course, with the usual problems with DNS(sec) or any other
PKI (like) system.

From my point of view, the ability to use public keys as
primary identifiers of end-hosts opens up some interesting
ways to deal with some security problems.

--Pekka

References:
- Re: GSE
  - From: RJ Atkinson <rja@extremenetworks.com>

Prev by Date: Re: GSE
Next by Date: Re: GSE
Previous by thread: Re: GSE
Next by thread: Re: GSE
Index(es):
- Date
- Thread