Hi,

On 09/09/2013 07:50 AM, Henderson, Thomas R wrote:
Last week I published a new version of RFC5201-bis:
http://tools.ietf.org/html/draft-ietf-hip-rfc5201-bis-13

This was mainly to address ID-nits and prepare the draft for the next stage of 
the review process.  However, I also received a number of comments from Anders 
Brandt (cc'ed) on the version-12 draft.  The purely editorial ones were 
included in version-13, but I decided to post a few for review on the list.

In the interest of expediency, I'd like to suggest that we aim for resolving 
all of these within the next two weeks.

1)  Section 4.1, the statement is made:

"As a result, it is believed that the HIP opportunistic mode is at least as secure 
as current IP."

Anders questioned what this statement means.  Further clarifications are needed 
here.

I would just suggest combining this sentence with the previous paragraph. Alternatively, this could perhaps be rephrased as:

As a result, opportunistic mode in HIP offers a "better than nothing" security model. Initially, a base exchange authenticated in the opportunistic mode involves a leap of faith subject to man-in-the-middle attacks, but subsequent datagrams related to the same HIP association cannot be compromised by a new man-in-the-middle attack. Thus, it can be stated that opportunistic mode in HIP is at least as secure as unprotected IP-based communications.

_______________________________________________
Hipsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/hipsec
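Editor's note: the following is an added toy model of the argument made in the suggested wording above. It is not code from the draft, from the HIP working group, or from any poster in this thread, and it does not use HIP's packet formats or cryptography. Its assumptions are toy stand-ins: the Host Identity (HI) is a static Diffie-Hellman public value, the HIT is SHA-256 of that value, the association key is a hash of the DH shared secret, each packet is authenticated with HMAC-SHA256, and the DH modulus is 2**127 - 1, which is readable but useless for real security. The names Host, base_exchange, early_mitm and late_mitm are invented for this illustration. What it shows is the two halves of the claim: an attacker already in the path during the opportunistic base exchange is the one the initiator pins (the leap of faith lands on him), while an attacker who arrives afterwards can neither read nor inject packets of the established association, because the initiator only accepts packets from the pinned HIT under the key the attacker does not have.

```python
"""Toy model of HIP opportunistic mode's leap of faith (added example, not HIP).

Assumptions (toy stand-ins, not the real protocol):
  * HI  = static Diffie-Hellman public value;  HIT = SHA-256(HI)
  * association key = SHA-256 of the DH shared secret
  * packet = (dst HIT, src HIT, payload, HMAC-SHA256 tag)
  * DH modulus = 2**127 - 1, fine to read, worthless for security
"""
import hashlib
import hmac
import secrets

P = (1 << 127) - 1          # toy Mersenne prime, NOT a real DH group
G = 2


def hit_of(hi: int) -> bytes:
    """HIT as a hash of the Host Identity (toy; real HITs are derived differently)."""
    return hashlib.sha256(hi.to_bytes(16, "big")).digest()


class Host:
    def __init__(self, name: str):
        self.name = name
        self._priv = secrets.randbelow(P - 2) + 1
        self.hi = pow(G, self._priv, P)
        self.hit = hit_of(self.hi)
        self.assoc = {}     # peer HIT -> association key: what the base exchange pins

    def key_with(self, peer_hi: int) -> bytes:
        secret = pow(peer_hi, self._priv, P)
        return hashlib.sha256(b"toy-assoc" + secret.to_bytes(16, "big")).digest()

    def send(self, dst_hit: bytes, payload: bytes):
        tag = hmac.new(self.assoc[dst_hit], payload, hashlib.sha256).digest()
        return (dst_hit, self.hit, payload, tag)

    def receive(self, pkt):
        """Accept only packets from a pinned peer whose tag verifies; else None."""
        dst_hit, src_hit, payload, tag = pkt
        if dst_hit != self.hit or src_hit not in self.assoc:
            return None
        good = hmac.new(self.assoc[src_hit], payload, hashlib.sha256).digest()
        return payload if hmac.compare_digest(tag, good) else None


def base_exchange(initiator: Host, responder: Host, mitm: Host = None) -> bytes:
    """Opportunistic base exchange: I1 names no responder HIT, so the initiator
    pins whatever HI the R1 that comes back carries. A `mitm` in the path at
    this moment substitutes its own HI in both directions.
    Returns the HIT the initiator pinned."""
    r1_hi = mitm.hi if mitm else responder.hi           # the leap of faith
    initiator.assoc[hit_of(r1_hi)] = initiator.key_with(r1_hi)
    i2_hi = mitm.hi if mitm else initiator.hi
    responder.assoc[hit_of(i2_hi)] = responder.key_with(i2_hi)
    if mitm:                                             # one key towards each side
        mitm.assoc[initiator.hit] = mitm.key_with(initiator.hi)
        mitm.assoc[responder.hit] = mitm.key_with(responder.hi)
    return hit_of(r1_hi)


def early_mitm():
    """Attacker present during the base exchange: the leap of faith lands on him."""
    a, b, eve = Host("I"), Host("R"), Host("early-MITM")
    pinned = base_exchange(a, b, mitm=eve)
    return {
        "pinned_attacker": pinned == eve.hit,
        "reads_initiator": eve.receive(a.send(eve.hit, b"secret")),
        "forges_to_initiator": a.receive(eve.send(a.hit, b"evil")),
    }


def late_mitm():
    """Attacker arrives after a clean base exchange: same association, no access."""
    a, b, eve = Host("I"), Host("R"), Host("late-MITM")
    pinned = base_exchange(a, b)
    legit = b.send(a.hit, b"hello")
    # eve knows both HITs and HIs (they are public) but not the key g^(ab)
    fake_tag = hmac.new(eve.key_with(a.hi), b"evil", hashlib.sha256).digest()
    return {
        "pinned_responder": pinned == b.hit,
        "legit": a.receive(legit),
        "spoof_responder_hit": a.receive((a.hit, b.hit, b"evil", fake_tag)),
        "own_hit": a.receive((a.hit, eve.hit, b"evil", fake_tag)),
        "tampered": a.receive((legit[0], legit[1], b"hellp", legit[3])),
    }


if __name__ == "__main__":
    print("early MITM:", early_mitm())
    print("late MITM: ", late_mitm())
```

In the early case every value is "success" for the attacker, which is exactly the leap of faith the draft text concedes; in the late case only the legitimate packet gets through, and the three injection attempts (impersonating the pinned HIT with the wrong key, presenting a fresh HIT, or altering a captured payload) all return None. That is the property the proposed sentence describes as "at least as secure as unprotected IP".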
