+1. Yoshihiro Ohba
(2011/06/24 3:11), Robert Cragie wrote:
> I have no objection to either the text below or what was agreed with
> Stephen earlier. On balance, I think the text below is preferable.
>
> Robert
>
> On 23/06/2011 6:47 PM, Samita Chakrabarti wrote:
>> As a co-author of the document, I am fine with the suggested text
>> below.
>>
>> -Samita
>>
>> -----Original Message-----
>> From: Jari Arkko [mailto:jari.ar...@piuha.net]
>> Sent: Thursday, June 23, 2011 10:41 AM
>> To: Yoshihiro Ohba; pana@ietf.org
>> Cc: Stephen Farrell; draft-ohba-pana-re...@tools.ietf.org
>> Subject: IESG discussions on draft-ohba-pana-relay
>>
>> We discussed this draft today. The remaining Discuss was about how
>> mandatory we should make IPsec. You had discussed about a SHOULD
>> with Stephen. I suggested that while interoperability is useful and
>> mandatory-to-implement mechanisms are good for it, we also have to
>> talk about how much value we bring with a security mechanism. In
>> this case there are some issues like MITMs able to block PANA
>> packets. However, some of these vulnerabilities are not helped by
>> relay - PAA security, as the relay can still do bad things, and
>> because ARP/ND vulnerabilities between the client and relay in any
>> case make it possible to become a MITM. Stephen had some suggested
>> text that I agree with:
>>
>> "PRE/PAA security is OPTIONAL since PANA messages are designed to be
>> used in untrusted networks, but if cryptographic mechanism is
>> supported, it SHOULD be IPsec."
>>
>> Jari