[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: IPsec !?, was: Re: CGA Use with HBA in Shim6 IETF Meeting July 10, 2006

To: "Iljitsch van Beijnum" <iljitsch@muada.com>
Subject: RE: IPsec !?, was: Re: CGA Use with HBA in Shim6 IETF Meeting July 10, 2006
From: "Christian Huitema" <huitema@windows.microsoft.com>
Date: Thu, 27 Jul 2006 21:18:53 -0700
Cc: "Francis Dupont" <Francis.Dupont@point6.net>, "shim6-wg" <shim6@psg.com>
In-reply-to: <235CBF81-9A46-4512-9DAB-1E83202C2B74@muada.com>
References: <200607240802.k6O82hbS057364@givry.rennes.enst-bretagne.fr> <67BF1360-6341-4553-8E5D-38B36AF1218D@muada.com> <70C6EFCDFC8AAD418EF7063CD132D064016A182F@WIN-MSG-21.wingroup.windeploy.ntdev.microsoft.com> <235CBF81-9A46-4512-9DAB-1E83202C2B74@muada.com>

> > Of course, we would have a very simple way out of this debate by
> > mandating IPSEC, or more precisely only solving the "session
> > continuity"
> > problem if IPSEC is used.
> 
> IPsec keeps coming up but so far, nobody has been able to explain how
> to make IPsec work between random hosts connected to the internet that
> don't have any shared state yet.

And how exactly is that harder than convincing random hosts that have no
shared state to trust HBA or CGA information? In theory, one can use the
same validation for IKE that one is ready to use for SHIM6, and reuse
IKEv2, MOBIKE and the like.

-- Christian Huitema

Follow-Ups:
- Re: IPsec !?, was: Re: CGA Use with HBA in Shim6 IETF Meeting July 10, 2006
  - From: Francis Dupont <Francis.Dupont@point6.net>

References:
- Re: CGA Use with HBA in Shim6 IETF Meeting July 10, 2006
  - From: Iljitsch van Beijnum <iljitsch@muada.com>
- RE: CGA Use with HBA in Shim6 IETF Meeting July 10, 2006
  - From: "Christian Huitema" <huitema@windows.microsoft.com>
- IPsec !?, was: Re: CGA Use with HBA in Shim6 IETF Meeting July 10, 2006
  - From: Iljitsch van Beijnum <iljitsch@muada.com>

Prev by Date: IPsec !?, was: Re: CGA Use with HBA in Shim6 IETF Meeting July 10, 2006
Next by Date: Re: IPsec !?, was: Re: CGA Use with HBA in Shim6 IETF Meeting July 10, 2006
Previous by thread: IPsec !?, was: Re: CGA Use with HBA in Shim6 IETF Meeting July 10, 2006
Next by thread: Re: IPsec !?, was: Re: CGA Use with HBA in Shim6 IETF Meeting July 10, 2006
Index(es):
- Date
- Thread