[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: draft-nordmark-multi6-threats-01.txt

To: Multi6 List <multi6@ops.ietf.org>
Subject: Re: draft-nordmark-multi6-threats-01.txt
From: Brian E Carpenter <brc@zurich.ibm.com>
Date: Sun, 04 Jul 2004 10:01:28 +0200
In-reply-to: <Roam.SIMC.2.0.6.1088602595.25816.nordmark@bebop.france>
Organization: IBM
References: <Roam.SIMC.2.0.6.1088602595.25816.nordmark@bebop.france>
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.6) Gecko/20040113

Erik Nordmark wrote:
...

I guess that different apps will have different security requirements. However, i am considering the default scenario here. I mean the multi6 solution will provide some default level of security based on some security tools used by the solution. If a particular communication requires additional security, it will obtain it by special means (TLS for instance)
But TLS wouldn't by itself prevent a weakness in the multihoming layer
being used to redirect the packets to a black hole; neither would IPsec
when IPsec is layer above the multihoming layer.


Yes, let's focus on multi6 not making things worse at the network
layer, now that we have decided to focus on network layer solutions.
As long as we meet that goal, and allow IPSEC and TLS to work as
normal, we haven't made things worse for apps, and that all we
should aim at.

Brian

References:
- Re: draft-nordmark-multi6-threats-01.txt
  - From: Erik Nordmark <Erik.Nordmark@sun.com>

Prev by Date: Is 80 bits enough? [Re: Advantages and disadvantages of using CB64 type of identifiers]
Next by Date: Re: how secure mh should be? Re: identifiers and security
Previous by thread: Re: draft-nordmark-multi6-threats-01.txt
Next by thread: Sunday's multi6 bar BOF, and Monday's jabbering
Index(es):
- Date
- Thread