[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Minutes / Notes



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

>>>> I guess Iljitsch was talking about stateless autoconfig RFC 2462
>>>
>>> RFC2462 does not give any useful definition of autoconfiguration.
>>>
>>> For example, in DNSOP WG, people, including those of IPv6 ones,
>>> are discussing autoconfiguration with DHCP.
>>
>> Yes. But in the meeting it was pointed out after your question that
>> this was referring to the features described in 2462.
>
> And, then, it was pointed out that RFC 2462 is useless to define
> autoconfiguration.

Noone said that 2462 gives the definition of autoconfiguration. We 
where talking about the technology described in 2462.

>
>>> It is as secure as the Internet today with an address binded both to
>>> an ID and an locator.
>>
>> a) I don't think that maintaining the security level of todays 
>> Internet
>> is a goal
>
> I have never seen such requirement nor proposal.

I think that anything that can improve the security of todays Internet, 
tomorrows Internet and yesterdays Internet will be looked upon 
favorably.


>> b) Introducing loc / id separation will require mapping, one way or 
>> the
>> other.
>
> Wrong. The separation requires that a host know id and locators of
> its peer with reasonable security.

That is a mapping state in it self.

>> This introduces new bindings that needs to be secured.
>
> The separation requires that a host know id and locators of its
> peer with reasonable security. An initial packet of a connection
> containing all of them is just secure.

That is as secure as the trust relationship of the creator of the 
packet.

>
>
- - kurtis -

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.2

iQA/AwUBPyZMP6arNKXTPFCVEQJpUQCgtT/x4a8+T+GLdMfk1vcOx+9Co/kAn0np
FSL6wFllcSejkkXXqFoO97eT
=b2qd
-----END PGP SIGNATURE-----