Martin Thomson <martin.thom...@gmail.com> wrote:
    > I remain deeply concerned about the security parts.  At a minimum, the
    > protocol needs a clear definition of how authentication and
    > confidentiality mechanisms are used, even if the process by which keys
    > and so forth are established is left to other work.  In part, that's
    > easy, all the unicast stuff can use TLS and you can wave your hands
    > about how trust anchors get around.  However, given that this

I've argued strongly against doing this.
"Use TLS" with hand-waving is akin to RFC 5406 "Use IPsec": it gets us nowhere.

We are doing quite a lot of work to get trust anchors in the right place
(BRSKI), to describe how to bring up IP (or maybe GRE) over IPsec in the ACP
document.

GRASP does not stand alone.


    > traverses the Internet, I am going to suggest that not having
    > confidentiality for the general discovery case is unwise and not
    > having authentication for the same seems like a real deal-breaker.

--
Michael Richardson <mcr+i...@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-




_______________________________________________
Anima mailing list
Anima@ietf.org
https://www.ietf.org/mailman/listinfo/anima
