
RE: New multi6 draft: WIMP



>> We have submitted a new multi6 draft to I-D directory. The draft
>> defines a Weak Identifier Multihoming Protocol (WIMP), and we wrote it
>> in order to see how opportunistic/weak authentication methods could be
>> used to solve the multi6 problem.
>
>Ok. This is basically a secure negotiation mechanism.

This is basically a _weak_ secure negotiation mechanism. It would
be better if the authors stated explicitly the environments in which
it will be used. If I am running an enterprise internet service which is
site-MHed for reliability, I won't prefer HIP or WIMP or PBK for
secure negotiation. They are useful but only for certain limited
scenarios.

While HIP depends on a trusted model like DNSSEC, why does it do extra
work (crypto puzzles) to avoid third party infrastructure? What is
the incentive to use such schemes? Although crypto puzzles work
against intruders, are we not penalizing a legitimate user by asking
him to waste his CPU cycles?

Btw, is there any standardized RFC supporting weak authentication
methods? RFC 1984 states explicitly that IETF won't knowingly make
the protocol weaker. But it was written for a different purpose.
Anyway, I wish that the authors of HIP/WIMP explicitly state the
environment in which weak authentication is ok.