[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: CGA Use with HBA in Shim6 IETF Meeting July 10, 2006

To: "Fiumano, Michael F [NTK]" <Michael.F.Fiumano@sprint.com>, "marcelo bagnulo braun" <marcelo@it.uc3m.es>, "Francis Dupont" <Francis.Dupont@point6.net>
Subject: RE: CGA Use with HBA in Shim6 IETF Meeting July 10, 2006
From: "Bound, Jim" <Jim.Bound@hp.com>
Date: Wed, 19 Jul 2006 10:37:36 -0400
Cc: <shim6@psg.com>, "Pekka Savola" <pekkas@netcore.fi>, "Iljitsch van Beijnum" <iljitsch@muada.com>
In-reply-to: <6B1FF00C9F2BFD4EB894C686C440C23303D23E78@PLSWB02C.ad.sprint.com>

I don't think we can ever require that and nor have we in any spec.  Preshared keys work but the point is that is a market decision not an IETF decision.  We build the protocols with operational guidance in some cases whether or how they are used in the market is a red herring for our work to keep moving forward.  We are more like scientists not marketing and business people.
/jim 

> -----Original Message-----
> From: Fiumano, Michael F [NTK] [mailto:Michael.F.Fiumano@sprint.com] 
> Sent: Wednesday, July 19, 2006 10:25 AM
> To: Bound, Jim; marcelo bagnulo braun; Francis Dupont
> Cc: shim6@psg.com; Pekka Savola; Iljitsch van Beijnum
> Subject: RE: CGA Use with HBA in Shim6 IETF Meeting July 10, 2006 
> 
> Very few who use IPSec also use PKI.  Most use a pre-shared 
> key.  I hope that no one is requiring that a PKI be in place 
> in order to use shim6.
> 
> Michael Fiumano
> Senior Network Engineer
> IP Core Infrastructure
> 703-689-5875 Wk
> 703-598-2434 Cel
> michael.f.fiumano@sprint.com
> 
> 
> 
> 
> -----Original Message-----
> From: owner-shim6@psg.com [mailto:owner-shim6@psg.com] On 
> Behalf Of Bound, Jim
> Sent: Wednesday, July 19, 2006 9:55 AM
> To: marcelo bagnulo braun; Francis Dupont
> Cc: shim6@psg.com; Pekka Savola; Iljitsch van Beijnum
> Subject: RE: CGA Use with HBA in Shim6 IETF Meeting July 10, 2006 
> 
> I was assuming the node regardless will use IPsec as 
> required.  Thus it really is not shime6 concern.  But I do 
> not believe no one will not deploy IPsec because of PKI that 
> is simply not true.  IPsec is deployed today with PKI.
> 
> /jim 
> 
> > -----Original Message-----
> > From: marcelo bagnulo braun [mailto:marcelo@it.uc3m.es]
> > Sent: Wednesday, July 19, 2006 8:04 AM
> > To: Francis Dupont
> > Cc: shim6@psg.com; Bound, Jim; Pekka Savola; Iljitsch van Beijnum
> > Subject: Re: CGA Use with HBA in Shim6 IETF Meeting July 10, 2006
> > 
> > 
> > El 19/07/2006, a las 14:38, Francis Dupont escribió:
> > 
> > > I can't see where Jim proposed to base the Shim6 security
> > on IPsec...
> > 
> > in message http://ops.ietf.org/lists/shim6/msg01511.html
> > 
> > it is stated that:
> > 
> > Suggestion is to simply embed ULIDs within the data payload 
> with new 
> > option and secure all communications at least for now for IP layer 
> > communcatiions with IPsec encryption based on locator pair.
> > 
> > meaning to use IPSec as an alternative to HBA security
> > 
> > > (something which is known to require the impossible and even not 
> > > desirable global PKI :-)
> > >
> > 
> > exactly
> > 
> > Regards, marcelo
> > 
> > 
> > > Regards
> > >
> > > Francis.Dupont@point6.net
> > >
> > 
> > 
> 
> 
> 
>

Follow-Ups:
- RE: CGA Use with HBA in Shim6 IETF Meeting July 10, 2006
  - From: Pekka Savola <pekkas@netcore.fi>
- Re: CGA Use with HBA in Shim6 IETF Meeting July 10, 2006
  - From: marcelo bagnulo braun <marcelo@it.uc3m.es>

References:
- RE: CGA Use with HBA in Shim6 IETF Meeting July 10, 2006
  - From: "Fiumano, Michael F [NTK]" <Michael.F.Fiumano@sprint.com>

Prev by Date: RE: CGA Use with HBA in Shim6 IETF Meeting July 10, 2006
Next by Date: Re: IPsec Issue Discussed for Shim6 at IETF Meeting July 10, 2006
Previous by thread: RE: CGA Use with HBA in Shim6 IETF Meeting July 10, 2006
Next by thread: Re: CGA Use with HBA in Shim6 IETF Meeting July 10, 2006
Index(es):
- Date
- Thread