On 05/08/2012 05:13 AM, Michael Richardson wrote:
"Dan" == Dan Wing <[email protected]> writes:

Dan> If the subscriber's IP address really is static, the subscriber
Dan> can avoid DNS entirely, and just put their static IPv6 (or
Dan> IPv4) address into their portable computing device (tablet, PC,
Dan> whatever) and they're done. That way, the user doesn't need to
Dan> know how to edit a zone file or beg their ISP for a FQDN.

Dan> That leaves the user with the complication of configuring a VPN
Dan> on their consumer-grade router and on their portable computing
Dan> device (tablet, PC, whatever). Still pretty hard.

Is the goal communications with the home(net), or is the goal to appear to still be at home ("MobileIP")?

If the former, then given end-to-end addressing and routing, transport-mode or /128-tunnel-mode IPsec may be more appropriate. And one may be able to leverage application layer authentication to do channel binding of BTNS-IPsec.

Secondly, half the time I've heard people want "remote access/VPN", it's not a security issue, it's a reachability and addressing issue.

As I said in my original post, the problem I have is that I don't want to give access to my traffic to unknown and possibly malicious wifi providers. There may be many ways to get around this, but there is nothing in widespread use today, modulo piggybacking on corpro vpn's. I don't want or can't be dependent on corpro vpn's, so now what?

One thing seems pretty certain from the mobile ip experience: ISP's aren't going to be stepping up to providing HA's anytime soon. Same goes for VPN termination. So assuming that I want a secure way to get my bits past $EVILCO coffee shop, what's at the other end of my bits?

Mike, and pervasive TLS is not a viable answer either since traffic analysis is still pretty incrim^H^H^H^H^Hvaluable

_______________________________________________
homenet mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/homenet
