[anonsec] multihoming and btns

mcr at sandelman.ca (Michael Richardson) Thu, 26 July 2007 06:18 UTC

From: mcr at sandelman.ca (Michael Richardson)
Date: Thu, 26 Jul 2007 01:18:38 -0500
Subject: [anonsec] multihoming and btns
In-Reply-To: <F222151D3323874393F83102D614E0550A4D23BD@CORPUSMX20A.corp.emc.com>
References: <F222151D3323874393F83102D614E0550A4D23BD@CORPUSMX20A.corp.emc.com>
Message-ID: <f89ecb$93j$1@sea.gmane.org>

Black_David at emc.com wrote:
> Taking the areas in reverse order, the current sections 6.1 and
> 6.2 of the draft essentially say that NAT, mobility and multihoming
> issues are out of scope.  Whether they are out of scope is a longer

I believe that we should make mobility out of scope.
Actually, I am uncertain I know what it means to have mobility and BTNS.

Someone could contemplate mixing MOBIKE and BTNS. I don't initially see
a reason why this can't be done at the protocol level.
The issue is that you can't construct a sane/safe security policy.
The major concern is that I think that BTNS will mostly be used for
host/32<->host/32 connections, or in transport mode. I.e. BTNS will be
constrained to permit some remote host to assert its own IP.

MOBIKE, however, deals with someip/32===changingip/32...host connections,
and deals with how to change "changingip". I don't see how you can mix these
things.  If you write a security policy that says that anyone out there can 
assert any IP... well, it's not much of a policy.

The only other kind of mobility that I can see being mixed in with BTNS
is stuff described in the IFARE stuff. Let's leave that out of scope for
BTNS as well.

I don't think we can make mobility in scope.