
Re: I-D ACTION:draft-ietf-multi6-hba-00.txt



Personal comments:

I believe this is also ready to hand over to the future WG.

Just a couple of remarks.

1. You don't discuss the DNS at all - it clearly isn't a requirement
for the HBA mechanism itself to have any DNS entries, but surely
in reality at least one of the addresses will have to go into DNS?

2. A related point - in the discussion in 7.1 of MITM attacks, the
attack you describe only makes sense if the other end has no independent
check of *any* of the addresses in the address set. If even one of
them is (for example) in a trusted AAAA record, a MITM is excluded,
I think.

    Brian