[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: CGA Use with HBA in Shim6 IETF Meeting July 10, 2006
Very few who use IPSec also use PKI. Most use a pre-shared key. I hope that no one is requiring that a PKI be in place in order to use shim6.
Senior Network Engineer
IP Core Infrastructure
From: firstname.lastname@example.org [mailto:email@example.com] On Behalf Of Bound, Jim
Sent: Wednesday, July 19, 2006 9:55 AM
To: marcelo bagnulo braun; Francis Dupont
Cc: firstname.lastname@example.org; Pekka Savola; Iljitsch van Beijnum
Subject: RE: CGA Use with HBA in Shim6 IETF Meeting July 10, 2006
I was assuming the node regardless will use IPsec as required. Thus it really is not shime6 concern. But I do not believe no one will not deploy IPsec because of PKI that is simply not true. IPsec is deployed today with PKI.
> -----Original Message-----
> From: marcelo bagnulo braun [mailto:email@example.com]
> Sent: Wednesday, July 19, 2006 8:04 AM
> To: Francis Dupont
> Cc: firstname.lastname@example.org; Bound, Jim; Pekka Savola; Iljitsch van Beijnum
> Subject: Re: CGA Use with HBA in Shim6 IETF Meeting July 10, 2006
> El 19/07/2006, a las 14:38, Francis Dupont escribió:
> > I can't see where Jim proposed to base the Shim6 security
> on IPsec...
> in message http://ops.ietf.org/lists/shim6/msg01511.html
> it is stated that:
> Suggestion is to simply embed ULIDs within the data payload
> with new option and secure all communications at least for
> now for IP layer communcatiions with IPsec encryption based
> on locator pair.
> meaning to use IPSec as an alternative to HBA security
> > (something which is known to require the impossible and even not
> > desirable global PKI :-)
> Regards, marcelo
> > Regards
> > Francis.Dupont@point6.net