[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: IPsec !?, was: Re: CGA Use with HBA in Shim6 IETF Meeting July 10, 2006
> > Of course, we would have a very simple way out of this debate by
> > mandating IPSEC, or more precisely only solving the "session
> > continuity"
> > problem if IPSEC is used.
>
> IPsec keeps coming up but so far, nobody has been able to explain how
> to make IPsec work between random hosts connected to the internet that
> don't have any shared state yet.
And how exactly is that harder than convincing random hosts that have no
shared state to trust HBA or CGA information? In theory, one can use the
same validation for IKE that one is ready to use for SHIM6, and reuse
IKEv2, MOBIKE and the like.
-- Christian Huitema