aside: IPsec tunnels for carrying options/headers end-to-end

RJ Atkinson <rja.lists@gmail.com> Mon, 10 February 2014 20:17 UTC

From: RJ Atkinson <rja.lists@gmail.com>
Subject: aside: IPsec tunnels for carrying options/headers end-to-end
Date: Mon, 10 Feb 2014 15:17:39 -0500
Message-Id: <D62E725B-1685-4609-84FD-0683B125D654@gmail.com>
To: ipv6@ietf.org
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>

On 2/10/14, Fernando Gont wrote, in part:
>  On 02/07/2014 09:06 PM, Mark ZZZ Smith wrote:
>  > End-to-end crypto might be the backup plan.
> 
> Depends on what you mean by end-to-end crypto, and in what context.
> 
> SSL/TLS for say, web servers and mailservers, fine.
> 
> IPsec for the general case...mmm.. unlikely.
> 
> Is there any plan for solving the authentication of nodes?

The IETF DANE WG.  Their initial focus seems to be TLS,
but the same approach ought to work fine for IPsec
(and was always what I expected to happen, although
I thought it would have happened sooner. :-)

> Is everyone expected to get/buy a certificate?

No. See above. Folks are expected to have DNS,
which is already an expectation.

To Mark's point at the very top, tunnelling is indeed
one method to permit options/headers/new-protocols
to be deployed, but it assumes cooperating endpoints
who can encapsulate/decapsulate as appropriate.

Yours,

Ran
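Added example, not part of Ran's message or of any IETF document: the tunnelling point above, worked through in Python. A constructed inner IPv6 packet carries a Destination Options header (experimental option type 0x1E from RFC 4727, with a made-up 4-byte value); the tunnel ingress wraps it in a plain outer IPv6 header with Next Header 41 (IPv6-in-IPv6, RFC 2473), so transit nodes walking the outer header chain never see the extension header, and only a cooperating egress that knows to decapsulate recovers it. Addresses are documentation prefixes; checksums are left zero since nothing is sent.

```python
import ipaddress
import struct

IPPROTO_UDP, IPPROTO_IPV6, IPPROTO_DSTOPTS = 17, 41, 60   # RFC 2473 tunnel uses NH=41

def ipv6_header(src, dst, next_header, payload_len, hop_limit=64):
    """Fixed 40-byte IPv6 header (version 6, zero traffic class and flow label)."""
    return (struct.pack("!IHBB", 6 << 28, payload_len, next_header, hop_limit)
            + ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed)

def dstopts_header(next_header, option):
    """Destination Options header with one TLV option, Pad1/PadN-filled to 8-byte units."""
    pad = (-(2 + len(option))) % 8
    if pad:
        option += b"\x00" if pad == 1 else bytes([1, pad - 2]) + b"\x00" * (pad - 2)
    return bytes([next_header, (2 + len(option)) // 8 - 1]) + option

def encapsulate(inner, tunnel_src, tunnel_dst):
    """Tunnel ingress: the whole inner packet becomes the payload of a plain NH=41 packet."""
    return ipv6_header(tunnel_src, tunnel_dst, IPPROTO_IPV6, len(inner)) + inner

def decapsulate(outer):
    """Tunnel egress: strip the outer header after checking it really is IPv6-in-IPv6."""
    if len(outer) < 40 or outer[0] >> 4 != 6 or outer[6] != IPPROTO_IPV6:
        raise ValueError("not an IPv6-in-IPv6 packet")
    plen = struct.unpack("!H", outer[4:6])[0]
    inner = outer[40:40 + plen]
    if len(inner) != plen:
        raise ValueError("truncated inner packet")
    return inner

def header_chain(pkt):
    """Next Header values a node sees walking the chain (Hop-by-Hop, Routing, Dst Opts)."""
    chain, nh, off = [], pkt[6], 40
    while nh in (0, 43, 60):
        chain.append(nh)
        nh, off = pkt[off], off + (pkt[off + 1] + 1) * 8
    return chain + [nh]

def build_sample():
    """Constructed inner packet: IPv6 + Destination Options (experimental type 0x1E) + UDP."""
    udp = struct.pack("!HHHH", 5353, 5353, 8, 0)          # empty UDP datagram, checksum left 0
    opt = bytes([0x1E, 4]) + b"\xde\xad\xbe\xef"            # RFC 4727 experimental option type
    ext = dstopts_header(IPPROTO_UDP, opt)
    return ipv6_header("2001:db8::1", "2001:db8::2", IPPROTO_DSTOPTS, len(ext) + len(udp)) + ext + udp
```

A transit node applying a "drop unknown extension headers" policy to the outer packet sees only [41]; the extension header survives exactly because the endpoints, not the path, agreed on the encapsulation.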