
Re: how mobile do we want to be



Iljitsch van Beijnum wrote:

No, but it does need a home address, so you don't get multihoming with existing mobility. If you want multihoming AND mobility you need strong crypto to authenticate adding addresses to existing sessions. You are right that CGAs could at least avoid the need for a PKI, but they're still relatively heavy-weight.

You need strong security in either static or dynamic multihoming case; I think
we agree that HBAs are strong. My point was that there is no infrastructure
involved either way. What you are saying does not relate to the need for
infrastructure but rather the computational effort. Well, things change
over time. My cell phone has had TLS and PK crypto operations for ages,
and some phones do VPNs with Diffie-Hellman. My take is that this type
of computation is cheap enough now.


For those of you who weren't there: there has been discussion in multi6 and its various design teams about whether a single solution would be usable for all multihoming needs. Such a solution would then have to cater to the highest performance, most restricted devices, least secure environments and highest security requirements at the same time. Dropping one or two of these extremes makes everything _much_ easier.

I tend to think that it doesn't have a very big impact. And I'm not saying this just because I have an opinion... we've actually done the design.

Actually, I don't think we should be debating the mobility issue so
heavily, because my belief is that the technical solution is going to be
the same no matter what we decide. Also, there'd be other, more
significant fights to fight if we want to look at issues like that. For
instance, can you multihome when you are GPRS connected on one
IPv6 interface and simultaneously doing NATted IPv4 WLAN on
another? This is in fact a pretty likely scenario -- and known to be
solvable. Anyway, the group has long since decided to focus
on IPv6, for better or worse.

What about the patent situation?

Well, I have no news about that. Are you saying that there'd be a difference wrt HBA and CGA? Anyway, patents were not an issue in SEND, because free licenses were granted. Not to mention some other IETF technologies where even RAND has been acceptable.

--Jari