Re: [Mip6] Before BU..

Francis Dupont <Francis.Dupont@enst-bretagne.fr> Mon, 27 September 2004 10:05 UTC

Message-Id: <200409270956.i8R9ubSj080164@givry.rennes.enst-bretagne.fr>
From: Francis Dupont <Francis.Dupont@enst-bretagne.fr>
To: Warodom Werapun <ple@graduate.kmitl.ac.th>
Subject: Re: [Mip6] Before BU..
In-reply-to: Your message of Mon, 27 Sep 2004 16:23:51 +0700. <4157DC27.2030108@graduate.kmitl.ac.th>
Date: Mon, 27 Sep 2004 11:56:37 +0200
Cc: mip6@ietf.org

 In your previous mail you wrote:

       Before MIPv6 process Binding update, I saw that there are RR, IPsec,
   IKE.

=> do you speak about the MN-HA case, the MN-CN case or both?
Currently:
 - IPsec is mandatory and IKE recommended in the MN-HA case
 - RR is mandatory in the MN-CN case but there are some proposals
   for stronger but dedicated schemes in this case:
   * preconfigured Kbm (draft-ietf-mip6-precfgKbm-00.txt)
   * IPsec (draft-dupont-mipv6-cn-ipsec-01.txt)
   * CGA (draft-haddad-mip6-cga-omipv6-02.txt)
   ...

   I heard that IPsec makes RR secure (protects against man-in-the-middle on all paths).

=> yes, RR security relies on IPsec between MN-HA.

   And before we use IPsec, we need to setup SA via IKE.  

=> currently one has the choice between manual keying, automatic keying
using IKE and automatic keying using something else than IKE.
Obviously the last solution is dedicated, i.e., it relies on a
preagreement but this constraint is not a real problem as there should
be some kind of preagreements in any case.

       So, if we used IKE (maybe SKIP (diffie-cert)) to generate Kbu (Kbm)
   and take out IPsec and RR, I think it may decrease packet delay time
   significantly, isn't it?
   
=> if I understand well you propose to create a DOI for IKE in order
to build directly a Kbm? I can't see major advantages vs preconf Kbm
or IPsec...

Thanks

Francis.Dupont@enst-bretagne.fr
