
Re: IPsec !?, was: Re: CGA Use with HBA in Shim6 IETF Meeting July 10, 2006



 In your previous mail you wrote:
   
   there is no general any-to-any mechanism to prove address ownership
   using IPsec which is what is provided by CGA/HBA,

=> I strongly disagree: we don't need such a mechanism because IPsec
is based on mutual authentication which is a stronger property than
what is provided by CGA/HBA.

   this is why IPSec is not a possible substitute to HBA/CGA in shim

=> I have exactly the opposite conclusion: we need a proof the alternate
address belongs to the same node, with a proper use of IPsec we have
a proof the traffic (including signaling) comes from the node we believe
it comes from, and that nobody can have modified it. And we can even have
more, like confidentiality...
   
Regards
   
Francis.Dupont@point6.net