
Re: I-D ACTION:draft-ietf-multi6-hba-00.txt



Marcelo,

I agree with Brian. You should mention it explicitly.

John

-- original message --
Subject:	Re: I-D ACTION:draft-ietf-multi6-hba-00.txt
From:	"ext Brian E Carpenter" <brc@zurich.ibm.com>
Date:		01/12/2005 3:33 pm

marcelo bagnulo braun wrote:
> Hi Brian,
> 
> Thanks for the comments.
> 
> On 05/01/2005, at 13:44, Brian E Carpenter wrote:
> 
>> Personal comments:
>>
>> I believe this is also ready to hand over to the future WG.
>>
>> Just a couple of remarks.
>>
>> 1. You don't discuss the DNS at all - it clearly isn't a requirement
>> for the HBA mechanism itself to have any DNS entries, but surely
>> in reality at least one of the addresses will have to go into DNS?
>>
> 
> I guess so, but I don't see any HBA-specific issues w.r.t. DNS; I 
> guess that they are just like any other global address.
> Do you think I should state it explicitly in the draft?

If you don't, I will bet other people will ask the same question.

    Brian

> 
>> 2. A related point - in the discussion in 7.1 of MITM attacks, the
>> attack you describe only makes sense if the other end has no independent
>> check of *any* of the addresses in the address set. If even one of
>> them is (for example) in a trusted AAAA record, a MITM is excluded,
>> I think.
>>
> 
> Good point, I will include this in the next version.
> regards, marcelo
> 
>>     Brian
>>
> 
>