[anonsec] mobility and btns

mcr at sandelman.ca (Michael Richardson) Thu, 26 July 2007 07:01 UTC

From: mcr at sandelman.ca (Michael Richardson)
Date: Thu, 26 Jul 2007 02:01:40 -0500
Subject: [anonsec] mobility and btns
In-Reply-To: <f89ecb$93j$1@sea.gmane.org>
References: <F222151D3323874393F83102D614E0550A4D23BD@CORPUSMX20A.corp.emc.com> <f89ecb$93j$1@sea.gmane.org>
Message-ID: <f89gsl$han$1@sea.gmane.org>

wrong subject. sorry.

Michael Richardson wrote:
> Black_David at emc.com wrote:
>> Taking the areas in reverse order, the current sections 6.1 and
>> 6.2 of the draft essentially say that NAT, mobility and multihoming
>> issues are out of scope.  Whether they are out of scope is a longer
> 
> I believe that we should make mobility out of scope.
> Actually, I am uncertain I know what it means to have mobility and BTNS.
> 
> Someone could comtemplate mixing MOBIKE and BTNS. I don't initially see
> a reason why this can't be done at the protocol level.
> The issue is that you can't construct a sane/safe security policy.
> The major concern is that I think that BTNS will mostly be used for 
> host/32<->host/32 connections, or in transport mode. I.e. BTNS will be 
> constrained to permit some remote host to assert it's own IP.
> 
> MOBIKE, however, deals with someip/32===changingip/32...host connections,
> and deals with how to change "changingip". I don't see how you can mix these
> things.  If you write a security policy that says that anyone out there can 
> assert any IP... well, it's not much of a policy.
> 
> The only other kind of mobility that I can see being mixed in with BTNS
> is stuff described in the IFARE stuff. Let's leave that out of scope for
> BTNS as well.
> 
> I don't think we can make mobility in scope.
> 
> 
> 
> 
> _______________________________________________
>