[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: CGA Use with HBA in Shim6 IETF Meeting July 10, 2006



Very few who use IPSec also use PKI.  Most use a pre-shared key.  I hope that no one is requiring that a PKI be in place in order to use shim6.

Michael Fiumano
Senior Network Engineer
IP Core Infrastructure
703-689-5875 Wk
703-598-2434 Cel
michael.f.fiumano@sprint.com




-----Original Message-----
From: owner-shim6@psg.com [mailto:owner-shim6@psg.com] On Behalf Of Bound, Jim
Sent: Wednesday, July 19, 2006 9:55 AM
To: marcelo bagnulo braun; Francis Dupont
Cc: shim6@psg.com; Pekka Savola; Iljitsch van Beijnum
Subject: RE: CGA Use with HBA in Shim6 IETF Meeting July 10, 2006 

I was assuming the node regardless will use IPsec as required.  Thus it really is not shime6 concern.  But I do not believe no one will not deploy IPsec because of PKI that is simply not true.  IPsec is deployed today with PKI.

/jim 

> -----Original Message-----
> From: marcelo bagnulo braun [mailto:marcelo@it.uc3m.es] 
> Sent: Wednesday, July 19, 2006 8:04 AM
> To: Francis Dupont
> Cc: shim6@psg.com; Bound, Jim; Pekka Savola; Iljitsch van Beijnum
> Subject: Re: CGA Use with HBA in Shim6 IETF Meeting July 10, 2006 
> 
> 
> El 19/07/2006, a las 14:38, Francis Dupont escribió:
> 
> > I can't see where Jim proposed to base the Shim6 security 
> on IPsec...
> 
> in message http://ops.ietf.org/lists/shim6/msg01511.html
> 
> it is stated that:
> 
> Suggestion is to simply embed ULIDs within the data payload 
> with new option and secure all communications at least for 
> now for IP layer communcatiions with IPsec encryption based 
> on locator pair.
> 
> meaning to use IPSec as an alternative to HBA security
> 
> > (something which is known to require the impossible and even not 
> > desirable global PKI :-)
> >
> 
> exactly
> 
> Regards, marcelo
> 
> 
> > Regards
> >
> > Francis.Dupont@point6.net
> >
> 
>