For people not to get the wrong impression, there is nothing unsolvable in the remaining issues on the table in mobileip wg for Mobile IPv6. All issues raised have so far been analyzed in concerns drafts, and sets of solutions proposed. The question currently is more to conclude the selection process among the proposed solutions.

One issue on the table is the scalability of key distribution in the infrastructureless case. Changing the tunneling format is an orthogonal issue to this and I have not understood what so far unsolvable such a change would achieve. Proposals by people working in security providing "weak authentication", e.g. based on return routability, have appeared and been under scrutiny.

Mobileip wg has done a big job analyzing security concerns in Mobile IPv6, and like Brian has requested below, the work to solve these issues has taken place in the actual working group in question. Solutions independent of work done elsewhere, ipsec included, have emerged allowing, among other things, decoupling of binding security association maintenance and message authentication code placement from the inflexibilities of ipsec, where no mobility concerns are addressed, e.g. support of IPv6 extension header protection policies in SA database access, or support for weak authentication.

A lot of implementation experience already exists for most features in the current design, and much ongoing work has happened to show feasibility of the remaining issues.

IMHO, the issue of a full redesign for Mobile IPv6 is moot and the existence of Mobile IPv6 in the draft in the topic line is well founded.

BR,

-Jari

Michael Thomas wrote:
>
> Vijay Devarapalli writes:
> > Brian E Carpenter wrote:
> > > I'm not quite sure what you are getting at here, but it's the
> > > responsibility of every WG to solve all the security issues
> > > associated with its own work; security is not a kind of
> > > icing added afterwards to the cake. And if a security problem
> > > is discovered late, it still has to be solved, even if that
> > > means starting again. Security isn't optional in the IETF.
> >
> > For one, it has been asked to solve key distribution between
> > two hosts in the Internet without using any infrastructure
> > (don't assume PKI, AAA, etc...). Mobile IP WG has been told
> > that MIPv6 will not move ahead without solving this. And
> > everyone knows it is a very hard problem.
> >
> > There are many more, but it will sound like a rant. I will
> > stop with this. My only intention was to put a statement into
> > a certain perspective.
>
> This is akin to wanting to design a 200-story
> building, but not wanting to be held accountable
> for its structural integrity. Any-any tunneling is
> a hard problem, and anything that wants to propose
> its use needs to deal with *all* of its
> complexities. The alternative is to not take on
> the task if it's too hard. There is nowhere else
> where this will or should be solved.
>
> Mike
> --------------------------------------------------------------------
> IETF IPng Working Group Mailing List
> IPng Home Page: http://playground.sun.com/ipng
> FTP archive: ftp://playground.sun.com/pub/ipng
> Direct all administrative requests to [EMAIL PROTECTED]
> --------------------------------------------------------------------
