[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Yes - blew it...

To: multi6 List <multi6@ops.ietf.org>
Subject: Yes - blew it...
From: Kurt Erik Lindqvist <kurtis@kurtis.pp.se>
Date: Mon, 14 Mar 2005 22:39:25 +0100

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



...but it is also changed :-)

- - kurtis -

Begin forwarded message:

> From: Kurtis Lindqvist <kurtis@kurtis.pp.se>
> Date: den 14 mars 2005 22.22.36 MET
> To: multi6@ops.ietf.org
> Subject: BOUNCE multi6@ops.ietf.org:     Admin request of type 
> /\bsubscribe\b/i at line 7 (fwd)
> Reply-To: Kurtis Lindqvist <kurtis@kurtis.pp.se>
>
> Appproved: tered0
> From iljitsch@muada.com Mon Mar 14 16:34:28 2005
> Received: from [83.149.65.1] (helo=sequoia.muada.com)
> 	by psg.com with esmtps (TLSv1:AES256-SHA:256)
> 	(Exim 4.44 (FreeBSD))
> 	id 1DAsWS-000DEd-6D
> 	for multi6@ops.ietf.org; Mon, 14 Mar 2005 16:34:28 +0000
> Received: from [IPv6:2001:1af8:6::20a:95ff:fecd:987a] 
> (alumange-giga.muada.com [IPv6:2001:1af8:6:0:20a:95ff:fecd:987a])
> 	(authenticated bits=0)
> 	by sequoia.muada.com (8.12.10/8.12.10) with ESMTP id j2EGYGvZ069403
> 	(version=TLSv1/SSLv3 cipher=RC4-SHA bits=128 verify=NO)
> 	for <multi6@ops.ietf.org>; Mon, 14 Mar 2005 17:34:16 +0100 (CET)
> 	(envelope-from iljitsch@muada.com)
> Mime-Version: 1.0 (Apple Message framework v619.2)
> Content-Transfer-Encoding: 7bit
> Message-Id: <74db857d605d2c1b69e2f89f700d59e9@muada.com>
> Content-Type: text/plain; charset=US-ASCII; format=flowed
> To: Multi6 List <multi6@ops.ietf.org>
> From: Iljitsch van Beijnum <iljitsch@muada.com>
> Subject: Fwd: how mobile do we want to be
> Date: Mon, 14 Mar 2005 17:34:23 +0100
> X-Mailer: Apple Mail (2.619.2)
> X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on psg.com
> X-Spam-Level:
> X-Spam-Status: No, score=-2.6 required=5.0 tests=AWL,BAYES_00 
> autolearn=ham
> 	version=3.0.1
>
> Hi gang,
>
> I sent this message to the new shim6 list two days ago, but I didn't
> see any replies or any other messages for that matter, so I'm posting
> it here as well.
>
> If you want to subscribe to the shim6 list:
>
> Interim mailing list for pre-discussion: shim6@psg.com
>
> Join by sending "subscribe shim6" to majordomo@psg.com
>
> Note that you have to be very careful in copying back the auth info,
> any extra text or quote indicators will confuse majordomo. (Wasn't this
> easier before?)
>
>
> Begin forwarded message:
>
>> From: Iljitsch van Beijnum <iljitsch@muada.com>
>> Date: 12 maart 2005 16:44:58 GMT+01:00
>> To: shim6@psg.com
>> Subject: how mobile do we want to be
>
> In the discussion in the BOF yesterday there were different viewpoints
> on the relationship between mobility and multihoming in general and
> shim6 in particular.
>
> Apparently, some people are equating renumbering with mobility. Now
> obviously mobility mechanisms can be used to renumber without skipping
> a beat, but that doesn't mean mobility and renumbering are the same
> thing.
>
> I think the important difference is the timescale. In mobility, the
> assumption is that TCP sessions and other state are longer-lived than
> locator addresses. In site renumbering, I very much doubt that this is
> the case. At the very least, we're talking about the order of days
> here, and _very_ few sessions or associations last for days. So in
> nearly all cases, site renumbering can be addressed with regular
> stateless autoconfiguration address deprecation.
>
> Please don't forget: adding a new address in the middle of a session is
> a security nightmare. The only way this can be done reasonably is with
> the help of strong crypto (magic PKI dust) or a home agent that is
> impervious to on-path nastiness such as sniffing and MitM. Obviously,
> for a good number of applications strong crypto isn't a problem as they
> already use it today. But mandating strong crypto for *everything* is
> very problematic for reasons of performance, configuration and
> robustness. (Let the person who never clicked "accept" on an SSL
> warning cast the first stone here.)
>
> I think HBAs are a very good compromise between reasonable security and
> usability. It would be a shame to throw this out the window just so one
> or two applications are saved from reconnecting once in a blue moon. It
> takes a lot of reconnects to waste the same amount of time that it
> takes to obtain and install an X.509 certificate...
>
>
>

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQA/AwUBQjYEk6arNKXTPFCVEQJcPgCeLXCf2XolarTaPFfM3swl4lMCMpEAn0lu
qpru+WeUA51+pE+PmlqyBY95
=yhwi
-----END PGP SIGNATURE-----

Prev by Date: BOUNCE multi6@ops.ietf.org: Admin request of type /\bsubscribe\b/i at line 7 (fwd)
Next by Date: Re: BOUNCE multi6@ops.ietf.org: Admin request of type /\bsubscribe\b/i at line 7 (fwd)
Previous by thread: BOUNCE multi6@ops.ietf.org: Admin request of type /\bsubscribe\b/i at line 7 (fwd)
Next by thread: multi6 minutes
Index(es):
- Date
- Thread