Hi Brian,
thanks for the comments.
On 05/01/2005, at 13:44, Brian E Carpenter wrote:
Personal comments:
I believe this is also ready to hand over to the future WG.
Just a couple of remarks.
1. You don't discuss the DNS at all - it clearly isn't a requirement for the HBA mechanism itself to have any DNS entries, but surely in reality at least one of the addresses will have to go into DNS?
2. A related point - in the discussion in 7.1 of MITM attacks, the attack you describe only makes sense if the other end has no independent check of *any* of the addresses in the address set. If even one of them is (for example) in a trusted AAAA record, a MITM is excluded, I think.
Good point, I will include this in the next version.

Regards, Marcelo
Brian