IETF Logo Mail Archive

Re: [MEXT] Reviews of draft-korhonen-mext-mip6-altsec

marcelo bagnulo braun <marcelo@it.uc3m.es> Thu, 14 October 2010 17:57 UTC

Return-Path: <marcelo@it.uc3m.es>
X-Original-To: mext@core3.amsl.com
Delivered-To: mext@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 2F0A53A69DC for <mext@core3.amsl.com>; Thu, 14 Oct 2010 10:57:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -105.141
X-Spam-Level:
X-Spam-Status: No, score=-105.141 tagged_above=-999 required=5 tests=[AWL=-1.318, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, SARE_FWDLOOK=1.666, SARE_LWFORWARD=1.11, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 16qZFRpfax9o for <mext@core3.amsl.com>; Thu, 14 Oct 2010 10:57:00 -0700 (PDT)
Received: from smtp02.uc3m.es (smtp02.uc3m.es [163.117.176.132]) by core3.amsl.com (Postfix) with ESMTP id CCB7C3A699F for <mext@ietf.org>; Thu, 14 Oct 2010 10:56:59 -0700 (PDT)
X-uc3m-safe: yes
Received: from marcelo-bagnulos-macbook-pro.local (190.30.18.95.dynamic.jazztel.es [95.18.30.190]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp02.uc3m.es (Postfix) with ESMTP id 285FA7118F3; Thu, 14 Oct 2010 19:58:14 +0200 (CEST)
Message-ID: <4CB744B4.7070109@it.uc3m.es>
Date: Thu, 14 Oct 2010 19:58:12 +0200
From: marcelo bagnulo braun <marcelo@it.uc3m.es>
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; es-ES; rv:1.9.2.8) Gecko/20100802 Thunderbird/3.1.2
MIME-Version: 1.0
To: "Laganier, Julien" <julienl@qualcomm.com>
References: <4CB69A0A.2030503@it.uc3m.es> <C8DC72CF.63CC%sgundave@cisco.com> <BF345F63074F8040B58C00A186FCA57F29F4468AFC@NALASEXMB04.na.qualcomm.com>
In-Reply-To: <BF345F63074F8040B58C00A186FCA57F29F4468AFC@NALASEXMB04.na.qualcomm.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 8bit
X-TM-AS-Product-Ver: IMSS-7.0.0.3116-6.0.0.1038-17702.006
Cc: "mext@ietf.org" <mext@ietf.org>, Jari Arkko <jari.arkko@piuha.net>
Subject: Re: [MEXT] Reviews of draft-korhonen-mext-mip6-altsec
X-BeenThere: mext@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Mobile IPv6 EXTensions WG <mext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/mext>, <mailto:mext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/mext>
List-Post: <mailto:mext@ietf.org>
List-Help: <mailto:mext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mext>, <mailto:mext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 14 Oct 2010 17:57:01 -0000

  I agree with all Julien stated.
Just one more comment.

I personally would be interested to understand for each new proposed 
solution, what would be the interoperability plan with the current 
solutions. I mean, it could be as simple as: " we assume that all nodes 
in the network implement the new solution", but maybe there is something 
more into it (e.g. the HA will support multiple security mechanisms, and 
the MNs will support only one).
I think it would be worth doing the exercise.

Regards, marcelo

El 14/10/10 19:04, Laganier, Julien escribió:
> Sri,
>
> Sri Gundavelli wrote:
>> Marcelo/Julien:
>>
>> Clarifying question ?
> Sure.
>
>> Given that, this (Alternative Security Mechanisms for MIPv6) is now a
>> chartered work item under experimental category, wondering about the
>> future and the relation of the candidate solution with two existing security
>> mechanisms, before we spin one more.
> To be exact: we do not spin one more, we are spinning more experimental mechanisms, to experiment with security model alternatives. There might be one more, two more, etc. It all depends on what the WG think is worth experimenting with.
>
>> We have IPsec, a normative standard, Authentication Option, an
>> informative standard, and hopefully a perfect new solution as an experimental
>> standard.
> To be exact: RFC 4285 (Authentication option) does not specify an Internet standard of any kind.
>
>> So, what is the evolution plan, if we love this new experimental
>> standard and MIP deployments get adopted and phase out GTP in 3GPP, will this
>> get promoted to be an informational standard or a normative standard ? :)
> Any new experimental RFC that the WG publish will define an Experimental Protocol for the Internet community.  It will not specify an Internet standard of any kind.
>
> As a result of the experiment, if one of the proposals is considered successful we might consider progressing it on the standard track.
>
>> Secondly, for Auth-Opt to be considered an alternative security
>> mechanism, since that is some what black listed with that famous IESG note, will
>> it be a demotion or a promotion to get that under this Experimental standard,
>> from informational standard with a red dot. :)
> Since neither experimental RFCs not informational RFC defines Internet standard or any kind, there does not seem to be a huge difference. However from my perspective the experimental status highlights that an experiment is ongoing and thus that at some point the results can be evaluated by the community.
>
>> Just curious, we will surely have excellent interoperability between
>> vendors. Its better to put few forward looking statements around this
>> work, else it will confuse the hell out of every one.
> Standard wise there is no reason for anyone to be confused. IPsec remains the standard track, mandatory to implement security mechanism that guarantees interoperability.
>
> --julien
>

v2.23.0 | Report a Bug | By Email