Re: [mif] draft-mglt-mif-security-requirements-01

"Hampel, K Georg (K Georg)" <georg.hampel@alcatel-lucent.com> Thu, 05 April 2012 14:47 UTC

To: Daniel Migault <mglt.ietf@gmail.com>
Date: Thu, 05 Apr 2012 09:46:56 -0500
Cc: "mif@ietf.org" <mif@ietf.org>

Daniel,

In principle, the same could be accomplished via a separate SA on each path, even if the paths pertain to the same SCTP or MPTCP connection. Correct? This obviously adds cost to SA establishment.

Georg

________________________________
From: Daniel Migault [mailto:mglt.ietf@gmail.com]
Sent: Thursday, April 05, 2012 10:29 AM
To: Hampel, K Georg (K Georg)
Cc: mif@ietf.org
Subject: Re: [mif] draft-mglt-mif-security-requirements-01

That's correct. It provides IPsec with the Multiple Interfaces features of SCTP or MPTCP. The goal is that MIF Nodes can deal with IPsec protected communications.


BR
Daniel
On Thu, Apr 5, 2012 at 4:04 PM, Hampel, K Georg (K Georg) <georg.hampel@alcatel-lucent.com> wrote:
Daniel, all,

I read draft-mglt-mif-security-requirements-01.

Just to make sure I got the essence: The draft proposes to extend IPsec/MobIKE so that a multihomed host can simultaneously sustain multiple paths to the same security gateway or app server using the *same* SA. MobIKE would have to be upgraded to dynamically add/delete such paths.

Purpose: Such an extension would avoid the need to establish separate SAs for each path.

Is that correct?


Regards,
Georg

--
Daniel Migault
Orange Labs -- Security
+33 6 70 72 69 58