Re: addition of TLV to locator ID or locator ID set
On Mon, 3 Oct 2005, Jari Arkko wrote:
The answer to this question relates to how much dynamism we want in
the address sets. Also, there may be some feature interactions with
sites that want to employ both SEND and SHIM6.
Indeed. SEND and CGA seem very interesting for on-link
authentication.
Both need an exchange to assure the other party that things are OK,
e.g., we need to communicate the values (not just the key) used in
the hashing process.
Right, and the protocol we have for key data exchange is IKE.
At which point you may possibly just want to use IPsec AH to secure
the traffic. Would I be correct in thinking that the only advantage of
CGA for such off-link authentication would be saving the packet-data
overhead of the AH header?
RFC 3971 is an example of a protocol that does this. This isn't
IKE. (But a lot of people confuse the use of public keys with
certified public keys, PKIs, and configured security. This isn't
the case here, however.)
Right, even if you used CGA, you could still use CGA and use IKE for
key data/parameters exchange.
regards,
--
Paul Jakma paul@clubi.ie paul@jakma.org Key ID: 64A2FF6A
Fortune:
When you have to kill a man it costs nothing to be polite.
-- Winston Churchill, on formal declarations of war