Re: how mobile do we want to be

[Julien Laganier <Julien.Laganier@Sun.COM>]

Hi Jari,

Jari Arkko wrote:
> Iljitsch,
> 
> 
>>Please don't forget: adding a new address in the middle of a session 
>>is a security nightmare. The only way this can be done reasonably is 
>>with the help of strong crypto (magic PKI dust) or a home agent that 
>>is impervious to
>>
> 
> I'm getting a bit frustrated on this thread. I sympathize on the need
> to have a constrained problem to work on. But obviously we are in any
> case using strong crypto, or would you not call HBAs strong crypto? And as
> I have explained in a previous e-mail, PKI means infrastructure
> and we have a number of known techniques (some even implemented
> by several teams) that can do mobility with public keys, but without
> any need for infrastructure.

FWIW, I agree with this, and I also support the charter proposal you
posted earlier.

Furthermore, I think that, because a negotiation would be needed anyway
to detect if the remote end is shim-enabled, this negotiation is an
opportunity to negotiate between CGA/public key crypto/"mobile
multihoming" and HBA/hash functions/"static multihoming".

Hence, all shim-enabled nodes would be required to implement the later
(which is suitable to constrained devices) without preventing stronger
nodes to implement the former if they benefits from it. In case a
constrained device communicates with an unconstrained one, both would
only benefit from the HBA-based readressing, which is still better than
nothing.

Thanks,

--julien