[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: CGA Use with HBA in Shim6 IETF Meeting July 10, 2006
On Wed, 19 Jul 2006, Bound, Jim wrote:
I don't think we can ever require that and nor have we in any spec.
Preshared keys work but the point is that is a market decision not
an IETF decision. We build the protocols with operational guidance
in some cases whether or how they are used in the market is a red
herring for our work to keep moving forward. We are more like
scientists not marketing and business people.
Exactly. Which is why we should move ahead without IPsec and PKI
This debate seems pretty much like a recap of MIPv6 route optimization
security discussions about 5 or so years ago. IPsec and PKI were
deemed insufficient _in practice_, for _the general solution_, and I
don't think the situation has changed in a significant way.
I don't think no one is disputing that IPsec and PKI could be useful
in some contexts where PKI has already been deployed. If folks think
this is a sufficiently useful scenario, maybe it would be worth
specifying in an optional shim6 extension.
Pekka Savola "You each name yourselves king, yet the
Netcore Oy kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings