Re: security requirement for multi6

[Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp>]

marcelo;

> > > If it weren't we could just use MIPv6 and end of the story
> >
> > At Vienna, I gave three reasons on why MIPv6 is hopeless
> > and can not be used for M6.

> Sorry i remeber the following ones:
> 1) timing in mip is not compatible with multi-homing

No, it is not. It, instead, is a reason on why MIPv6 mechanism can
not be used for M6. But, let's continue.

> My answer to this is that the idea is not to use mip as is, but use the
> packet format and the CN route optimization capabilities. So mip timing is
> not really being used, so i think this should not be an issue.

With MIPv6, CN is expected to use a new locator. With M6, a host is free
to choose any locator, which, in most cases, the host has from the
beginning.

> the next one would be security as you mention, right?

Yup.

> > Difference of security model requirement makes security mechanism
> > different.

> Well if you don't care about tmeporary MITM attacks, mip provides all the
> security that you need, so i don't see a problem here

I don't care about MITM between CN and HA. MITM between CN and MN,
local environment of which is foreign, is a different matter.

> Well as i mention above, not only packet format but CN route optimization
> capabilities, which IMHO is the main benefit of using mip, (i.e. you don't
> need to deploy new mechanisms in external hosts)

No new mechanism even if timing and security are completely different?

> I agree that PMTU is an issue

That is a reason on why MIPv6 is hopeless, though it has less
relevence to this WG. Other reasons are DAD and unnecessary
complexities.

					Masataka Ohta