Re: [netlmm] Issue: Auth Option support

Alper Yegin wrote:
> Hi Alex, Sri,
> 
> - The highlight of my suggestion is not to mandate auth option, but
> to simply relax the current language that states "must use IPsec".
> 
> - Auth option is an example of another security mechanism that we
> shall not prevent from being used.

Auth option is now little appropriate for recommendation to
implementation of a MIP6 stack.  As I said already, authopt is silent
about other MIP6 messages than BU/BAck.  And one surely doesn't want
BU/BAck auth'ed with authopt and BErr with IPsec.

It will probably evolve more than its current state.

When would you like to discuss technically authopt document?  BEfore we
recommend it in PMIP or after?

> - "default" does not mean much. We shall speak in terms of
> "must/should/may implement", and "must/should/may use."

I agree, it's more understandable.

> - Leaving that to other specs, and the "must use IPsec" language in
> RFC 3775 despite RFC4285 do not make sense to me.

Sorry, it does make a lot of sense to me.  3775 is stds track.  Authopt
is informational.  The new authopt-bis draft is apparently intended as
informational as well, correct me if I'm wrong.  It's normal for a stds
track document to recommend another stds track document and be silent
about the informationals.

> My recommendation is to state "should implement IPsec, may use IPsec"
> in the PMIP6 spec.

Should and should is ok with me by now (not should and may).

Alex

______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________

_______________________________________________
netlmm mailing list
netlmm@ietf.org
https://www1.ietf.org/mailman/listinfo/netlmm