
Re: CGA Use with HBA in Shim6 IETF Meeting July 10, 2006



On Tue, 11 Jul 2006, Bound, Jim wrote:
Recommendation: For now remove HBA and the use of ULID security
specifying HBA and leave it as work to be completed that avoids this IPR
problem with CGA.  Suggestion is to simply embed ULIDs within the data
payload with new option and secure all communications at least for now
for IP layer communications with IPsec encryption based on locator pair.
Separating the movement of Shim6 to proposed standard from the issue of
ULID security using HBA.

How could this any-to-any IPsec (no prior relation to your peers can be assumed) be made to work? Are you suggesting using BTNS, opportunistic IPsec, and/or something else? What would be the impact on security of our solution?

I think this potential solution path was hinted at in the security directorate review we got some time ago, but as Jari Arkko said, it wasn't clear whether secdir fully understood the implications of what using, for example, IPsec might mean for the solution.

--
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings