Re: Reasonable to use crypto in all communications? (Re: Fwd: Minutes/ Notes)

[Pekka Nikander <pekka.nikander@nomadiclab.com>]

Ohta-san,

As so many times before, I am getting tired, since
this discussion is getting more or less ridiculous.
But that may be my fault, of course.

> > > > The id/loc mapping itself needs some kind of protection,
> > > For most mapping, cookie is the protection.
> > > For mobility mapping, the protection should use shared secret.
> > Depending on the definition of cookie, I may agree.
> > Depending on how you get the shared secret, I may agree.
> >
> > Hence, please be more specific.  And please explain in
> > detail how you *bootstrap* the system.
> It is of course that cookie is exchanged with three way handshake
> and the shared secret is shared OOB.
It is good that you think that we need a 3-way handshake
for a cookie.  There we may agree.

Assuming a shared secret, exchanged OOB, between any two
arbitrary hosts in the Internet, is, well, interesting.
But apparently you are not claiming that.

> Note that the shared secret is necessary only between HA and
> MH (rest is done by cookie) that the secret is shared when
> MH owner asks HA service to the administrator of the HA and
> configured to MH when a HA address is configured.
What is a HA in a multi-homing situation?  Are you assuming
some kind of infrastructure at the Internet, i.e. outside
of the multi-homed network?  If so, you open up the space
for zillions of interesting solutions, most of which have
very interesting single-point-of-failures or bottlenecks.
And even in the simple case bootstrapping the shared secret
between the multi-homed host and the infrastructure may
turn out much more challenging than what you seem to assume.

--Pekka