[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: CGA Use with HBA in Shim6 IETF Meeting July 10, 2006



To throw 2-cents into this conversation, the SIDR WG seems to be
considering a global PKI, albeit for BGP routers and not end hosts.
(http://www3.ietf.org/proceedings/06mar/slides/sidr-1.pdf)

-Jeff

> As i understand it, the only way to make the shim6 security based on 
> IPSec is to assume that a global PKI is deployed, including client 
> certificates (i.e. not only server certificates) so that it 
> is possible to secure any-to-any communication.
> 
>  From what i understand such global pki is not in place yet and it 
> doesn't looks like it will be anytime soon if ever.