[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: CGA Use with HBA in Shim6 IETF Meeting July 10, 2006
On Tue, 11 Jul 2006, Bound, Jim wrote:
Recommendation: For now remove HBA and the use of ULID security
specifying HBA and leave it as work to be completed that avoids this IPR
problem with CGA. Suggestion is to simply embed ULIDs within the data
payload with new option and secure all communications at least for now
for IP layer communcatiions with IPsec encryption based on locator pair.
Separating the movement of Shim6 to proposed standard from the issue of
ULID security using HBA.
How could this any-to-any IPsec (no prior relation to your peers can
be assumed) be made to work?` Are you suggesting using BTNS,
opportunistic IPsec, and/or something else? What would be the impact
on security of our solution?
I think this potential solution path was hinted at the security
directorate review we got some time ago, but as Jari Arkko said, it
wasn't clear whether secdir fully understood the implications what
using for example IPsec might mean for the solution.
--
Pekka Savola "You each name yourselves king, yet the
Netcore Oy kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings