[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: CGA Use with HBA in Shim6 IETF Meeting July 10, 2006
Very few who use IPSec also use PKI. Most use a pre-shared key. I hope that no one is requiring that a PKI be in place in order to use shim6.
Michael Fiumano
Senior Network Engineer
IP Core Infrastructure
703-689-5875 Wk
703-598-2434 Cel
michael.f.fiumano@sprint.com
-----Original Message-----
From: owner-shim6@psg.com [mailto:owner-shim6@psg.com] On Behalf Of Bound, Jim
Sent: Wednesday, July 19, 2006 9:55 AM
To: marcelo bagnulo braun; Francis Dupont
Cc: shim6@psg.com; Pekka Savola; Iljitsch van Beijnum
Subject: RE: CGA Use with HBA in Shim6 IETF Meeting July 10, 2006
I was assuming the node regardless will use IPsec as required. Thus it really is not shime6 concern. But I do not believe no one will not deploy IPsec because of PKI that is simply not true. IPsec is deployed today with PKI.
/jim
> -----Original Message-----
> From: marcelo bagnulo braun [mailto:marcelo@it.uc3m.es]
> Sent: Wednesday, July 19, 2006 8:04 AM
> To: Francis Dupont
> Cc: shim6@psg.com; Bound, Jim; Pekka Savola; Iljitsch van Beijnum
> Subject: Re: CGA Use with HBA in Shim6 IETF Meeting July 10, 2006
>
>
> El 19/07/2006, a las 14:38, Francis Dupont escribió:
>
> > I can't see where Jim proposed to base the Shim6 security
> on IPsec...
>
> in message http://ops.ietf.org/lists/shim6/msg01511.html
>
> it is stated that:
>
> Suggestion is to simply embed ULIDs within the data payload
> with new option and secure all communications at least for
> now for IP layer communcatiions with IPsec encryption based
> on locator pair.
>
> meaning to use IPSec as an alternative to HBA security
>
> > (something which is known to require the impossible and even not
> > desirable global PKI :-)
> >
>
> exactly
>
> Regards, marcelo
>
>
> > Regards
> >
> > Francis.Dupont@point6.net
> >
>
>