I think importing text from the other one Stephen had suggested would be an improvement. Like this:
3. Security of Messages Sent between PRE and PAA PRE/PAA security is OPTIONAL since PANA messages are designed to be used in untrusted networks, but if cryptographic mechanism is supported, it SHOULD be IPsec. When the device characteristics preclude support for IPsec, an alternative mechanism such as DTLS [REF], or link-layer cryptographic security, etc. may be used instead. This section describes how IPsec [RFC4301] can be used for securing the PANA relay messages. Alper > -----Original Message----- > From: Jari Arkko [mailto:jari.ar...@piuha.net] > Sent: Thursday, June 23, 2011 8:41 PM > To: Yoshihiro Ohba; pana@ietf.org > Cc: Stephen Farrell; draft-ohba-pana-re...@tools.ietf.org > Subject: IESG discussions on draft-ohba-pana-relay > > We discussed this draft today. The remaining Discuss was about how > mandatory we should make IPsec. You had discussed about a SHOULD with > Stephen. I suggested that while interoperability is useful and > mandatory-to-implement mechanisms are good for it, we also have to talk > about how much value we bring with a security mechanism. In this case > there are some issues like MITMs able to block PANA packets. However, > some of these vulnerabilities are not helped by relay - PAA security, > as > the relay can still do bad things, and because ARP/ND vulnerabilities > between the client and relay in any case make it possible to become a > MITM. Stephen had some suggested text that I agree with: > > "PRE/PAA security is OPTIONAL since PANA messages are designed to be > used in untrusted networks, but if cryptographic mechanism is > supported, > it SHOULD be IPsec." > > Jari _______________________________________________ Pana mailing list Pana@ietf.org https://www.ietf.org/mailman/listinfo/pana
