[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: 64-bit identifiers
On 2001-08-15 17:17:38 +0200, Francis Dupont wrote:
> => low overhead (i.e. BAKE, SUCV) proposals won't apply (no home
> agent), higher overhead (i.e. IKE, HIP) proposals provide the required
> security level but rely on a global PKI... I really don't know what is
> the worst: to accept MITM attacks or to wait for DNSSEC?
MITM seems like a problem that multi6 doesn't have to solve. If a
"gang-of-IP's" protocol is used, as long as it doesn't preclude host
authentication for users/admins/hosts/protocols that care about it, then
solving the problems of redundacy and load sharing seem like the thing
to worry about.
I think most businesses today would be happy with an anonymous
end-to-end connection since they rely on web certs for their only
authentication in the current Internet. I'm not saying this is a good
thing, but again, not one that multi6 needs to address.