Re: Node Requirements: Issue 13 - CGA/SeND support

To: Rémi Denis-Courmont <remi at remlab.net>
Subject: Re: Node Requirements: Issue 13 - CGA/SeND support
From: Hesham Soliman <hesham at elevatemobile.com>
Date: Sat, 25 Jul 2009 00:18:36 +1000
Cc: Thomas Narten <narten at us.ibm.com>, john.loughney at nokia.com, julienl at qualcomm.com, ipv6 at ietf.org, "\(Arnaud Ebalard\)" <arno at natisbad.org>, Brian E Carpenter <brian.e.carpenter at gmail.com>
Delivered-to: ipv6 at core3.amsl.com
In-reply-to: <9301e71aa3206a7394f4374308b1c704 at chewa.net>
List-archive: <http://www.ietf.org/mail-archive/web/ipv6>
List-help: <mailto:ipv6-request@ietf.org?subject=help>
List-id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-post: <mailto:ipv6@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
Thread-index: AcoMaaHa2PR4/3qwXEyrBHI3Z5mzug==
Thread-topic: Node Requirements: Issue 13 - CGA/SeND support
User-agent: Microsoft-Entourage/12.19.0.090515

On 25/07/09 12:07 AM, "Rémi Denis-Courmont" <remi at remlab.net> wrote:

>
On Fri, 24 Jul 2009 23:40:14 +1000, Hesham Soliman
<hesham at elevatemobile.com>
> wrote:
>> SeND is theoretically not easy to deploy - you need to provision
>>
> cryptography material on all nodes.

>


> => Why? You only need to provision
> routers if you want them to support

> proof of prefix ownership, but you
> certainly don't need to provision
> all nodes, that's the advantage of
> CGAs.



> First, you need a trust anchor to verify. Trust cannot be bootstrapped
> out
of nothing, or I missed something?

=> I'm clearly not talking about routers. You said that you need to
configure "all nodes" that's simply not true for proving address ownership,
that's why we use CGAs, to avoid bootstrapping trust.


As far CGAs, they require a "postcard"
> IPR license from Microsoft:
https://datatracker.ietf.org/ipr/676/
which -I
> assume- makes them legally incompatible with the Linux IPv6 stack
in USA.

=> Completely different issue, which is clearly understood by all those OSs
supporting SeND.

Hesham 




-- 
>
Rémi 
> Denis-Courmont

--------------------------------------------------------------
> ------
IETF IPv6 working group mailing list
ipv6 at ietf.org
Administrative
> Requests: 
> https://www.ietf.org/mailman/listinfo/ipv6
-----------------------------------
> ---------------------------------

References:
- Re: Node Requirements: Issue 13 - CGA/SeND support
  - From: Rémi Denis-Courmont

Prev by Date: Re: Node Requirements: Issue 13 - CGA/SeND support
Next by Date: Re: Node Requirements: Issue 13 - CGA/SeND support
Previous by thread: Re: Node Requirements: Issue 13 - CGA/SeND support
Next by thread: Re: Node Requirements: Issue 13 - CGA/SeND support
Index(es):
- Date
- Thread

Re: Node Requirements: Issue 13 - CGA/SeND support

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.