IETF Logo Mail Archive

[ipwave] draft-ietf-ipwave-ipv6-over-80211ocb-00 certs req, IPsec

Alexandre Petrescu <alexandre.petrescu@gmail.com> Sun, 12 February 2017 18:50 UTC

Return-Path: <alexandre.petrescu@cea.fr>
X-Original-To: its@ietfa.amsl.com
Delivered-To: its@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E325C1299BC for <its@ietfa.amsl.com>; Sun, 12 Feb 2017 10:50:21 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.017
X-Spam-Level:
X-Spam-Status: No, score=-6.017 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_ADSP_CUSTOM_MED=0.001, FREEMAIL_FORGED_FROMDOMAIN=0.001, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, NML_ADSP_CUSTOM_MED=0.9, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EwDohewMgxEM for <its@ietfa.amsl.com>; Sun, 12 Feb 2017 10:50:21 -0800 (PST)
Received: from oxalide-out.extra.cea.fr (oxalide-out.extra.cea.fr [132.168.224.8]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7B8DB129658 for <its@ietf.org>; Sun, 12 Feb 2017 10:50:20 -0800 (PST)
Received: from pisaure.intra.cea.fr (pisaure.intra.cea.fr [132.166.88.21]) by oxalide.extra.cea.fr (8.15.2/8.15.2/CEAnet-Internet-out-2.4) with ESMTP id v1CIoIis003693 for <its@ietf.org>; Sun, 12 Feb 2017 19:50:18 +0100
Received: from pisaure.intra.cea.fr (localhost [127.0.0.1]) by localhost (Postfix) with SMTP id 1A913205B17 for <its@ietf.org>; Sun, 12 Feb 2017 19:50:18 +0100 (CET)
Received: from muguet2.intra.cea.fr (muguet2.intra.cea.fr [132.166.192.7]) by pisaure.intra.cea.fr (Postfix) with ESMTP id 102F8203A19 for <its@ietf.org>; Sun, 12 Feb 2017 19:50:18 +0100 (CET)
Received: from [132.166.84.15] ([132.166.84.15]) by muguet2.intra.cea.fr (8.15.2/8.15.2/CEAnet-Intranet-out-1.4) with ESMTP id v1CIoHXD031509 for <its@ietf.org>; Sun, 12 Feb 2017 19:50:17 +0100
From: Alexandre Petrescu <alexandre.petrescu@gmail.com>
To: "its@ietf.org" <its@ietf.org>
References: <148052970170.9607.12043916621198119260.idtracker@ietfa.amsl.com>
Organization: CEA
Message-ID: <5937cad9-b1e6-1bf4-c02b-e9e173dd329a@cea.fr>
Date: Sun, 12 Feb 2017 19:49:46 +0100
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.7.1
MIME-Version: 1.0
In-Reply-To: <148052970170.9607.12043916621198119260.idtracker@ietfa.amsl.com>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-256"; boundary="------------ms060408080903070709000407"
Archived-At: <https://mailarchive.ietf.org/arch/msg/its/uGeWUESdfwTOrBpuC5EpIIOE310>
Subject: [ipwave] draft-ietf-ipwave-ipv6-over-80211ocb-00 certs req, IPsec
X-BeenThere: its@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IPWAVE - IP Wireless Access in Vehicular Environments WG at IETF <its.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/its>, <mailto:its-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/its/>
List-Post: <mailto:its@ietf.org>
List-Help: <mailto:its-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/its>, <mailto:its-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 12 Feb 2017 18:50:22 -0000

draft-ietf-ipwave-ipv6-over-80211ocb-00
certs req, IPsec

A somewhat less clear comment I received about text requiring the use of 
certificates.  The comment mentions IPsec and authentication too.

old text:
> Similarly to Non IP safety-critical communications, IPv6 over
> 802.11-OCB packets must contain a certificate, including at least the
> public key of the sender, that will allow the receiver to
> authenticate the packet, and guarantee its legitimacy.

IMHO it would be little advantageous to require each IP/OCB packet to 
contain a certificate.  It would make them too big.

IMHO too IPsec can work without certs, too.

But since this is potentially a subject of much debate, I would remove 
that old text, and delegate to another security-specific document.

At this time I remove that old text.

Alex

v2.23.0 | Report a Bug | By Email