
RE: Fwd: Minutes / Notes



Hi Masataka, Pekka,

> -----Original Message-----
> From: Masataka Ohta [mailto:mohta@necom830.hpcl.titech.ac.jp]
> Sent: Thursday, July 24, 2003 5:21
> To: Pekka Nikander
> CC: marcelo bagnulo; multi6@ops.ietf.org
> Subject: Re: Fwd: Minutes / Notes
>
>
> Pekka;
>
> > > For the source endpoint information, I am not sure
> > > I think that carrying the source identifier would make more sense, since it
> > > identifies the other end of the communication.
> >
> > Carrying a source identifier is harmful.  For our argument, see
> >
> > Catharina Candolin and Pekka Nikander, "IPv6 Source Addresses Considered
> > Harmful," in Hanne Riis Nielson (ed.), Proceedings of NordSec 2001,
> > Sixth Nordic Workshop on Secure IT Systems,  November 1-2, Lyngby,
> > Denmark, Technical Report IMM-TR-2001-14, pp. 54-68, Technical
> > University of Denmark, November 2001.
> >
> > http://www.tml.hut.fi/~pnr/publications/nordsec2001.pdf
>
> You forgot the fact that the Internet is a public network.
>

So? What do you mean? Could you be a bit more explicit?

Actually, IMHO it is the opposite: this article assumes that packets are not
trusted by default. I mean, most of the time, the information carried in
packets, such as the source address, has not been modified. (This is
essentially due to the fact that nobody is interested in spoofing most
web surfing packets or my email exchange with my friends, since there is no
point in doing so.)
So I do not think that we need high crypto security by default...

So I guess that my question would be: is it a reasonable approach to use
crypto in all communications? (such as HIP)

Perhaps this is the simplest way to safely decouple loc and ids (so we do
it for simplicity and not because it is the only way to achieve the required
security level).

Regards, marcelo

> 							Masataka Ohta
>