[anonsec] btns at ietf66

Nicolas.Williams at sun.com (Nicolas Williams) Thu, 29 June 2006 02:26 UTC

From: "Nicolas.Williams at sun.com"
Date: Wed, 28 Jun 2006 21:26:11 -0500
Subject: [anonsec] btns at ietf66
In-Reply-To: <v0zmfxkk7w.fsf@marajade.sandelman.ca>
References: <D24177EF-3A6B-4A23-BDD5-52A67C485D1E@it.su.se> <v0zmfxkk7w.fsf@marajade.sandelman.ca>
Message-ID: <20060629022611.GK5688@binky.Central.Sun.COM>

On Wed, Jun 28, 2006 at 06:07:31PM -0400, Michael Richardson wrote:
> Nico and I have formulated a clearer statement of a problem that BTNS
> will introduce to gateways that think that they have a workable global PKI.

More specifically, in the process of fleshing out detailed examples
including detailed PADs and SPDs we figured out how to describe the
IPsec wildcard PAD entry problem, and that multiple wildcard PAD entries
have more security considerations than a single wildcard PAD entry at
the end of a PAD.

The problem can be addressed in several ways, though it isn't fully
explored in the draft we submitted.

> It needs perhaps 15 minutes to explain, and I will try to write an email to
> the list outlining the issue, and maybe some diagrams ahead of time.

Yes, we'll have some materials to present on this.

Nico
--