
Re: Identifiers



Marcelo & all,

It sounds like Brian started pretty darn close to where I would be:

> My assumption is certainly that we can trust the first address pair,
> to exactly the extent that we can trust it in a non-multihomed case.
> Is that a wrong assumption?

I think a good solution in this space would not weaken the authenticity of any existing identifiers. And this is why I liked NOID. You want strong security? The claim is that it will work with DNSSEC for verification.

Beyond that, if you have an existing line of communication between you and a host, wouldn't PBKs provide a secure means by which one could privately pass additional information? If it does, it provides some really nice generality for the above. For instance, if you use some very secure mechanism to establish connectivity then PBKs could provide continued assurance. And if you were out in the open, PBKs provide less assurance (e.g., you still end up with potential MITM attacks).

Regards,

Eliot