Re: Node Requirements: Issue 13 - CGA/SeND support

To: Arnaud Ebalard <arno at natisbad.org>
Subject: Re: Node Requirements: Issue 13 - CGA/SeND support
From: Hesham Soliman <hesham at elevatemobile.com>
Date: Fri, 24 Jul 2009 23:56:47 +1000
Cc: Thomas Narten <narten at us.ibm.com>, john.loughney at nokia.com, julienl at qualcomm.com, ipv6 at ietf.org, Brian E Carpenter <brian.e.carpenter at gmail.com>
Delivered-to: ipv6 at core3.amsl.com
In-reply-to: <87zlau193k.fsf at small.ssi.corp>
List-archive: <http://www.ietf.org/mail-archive/web/ipv6>
List-help: <mailto:ipv6-request@ietf.org?subject=help>
List-id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-post: <mailto:ipv6@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
Thread-index: AcoMZpWgImcLAfT3EEKVdQoExQTyDQ==
Thread-topic: Node Requirements: Issue 13 - CGA/SeND support
User-agent: Microsoft-Entourage/12.19.0.090515

On 24/07/09 11:52 PM, "Arnaud Ebalard" <arno at natisbad.org> wrote:

> Hi Hesham,
> 
> Hesham Soliman <hesham at elevatemobile.com> writes:
> 
>>> 
>>> SeND is theoretically not easy to deploy - you need to provision
>>> 
>>> cryptography material on all nodes.
>> 
>> => Why? You only need to provision routers if you want them to support proof
>> of prefix ownership, but you certainly don't need to provision all nodes,
>> that's the advantage of CGAs.
> 
> What's the point of SEND *for authenticating routers*

=> SeND is not only for authenticating routers, in fact that particular
function was done last. It's about address ownership, which couldn't be done
without CGAs. 

  if you use only
> CGA and not certificates? And if you use certificates, then nodes need
> to be provided with trust anchors. Or am I missing your point?

=> I think so, you don't need to provision hosts with anything to allow them
to prove that they own an address. That's the whole point of CGAs. Prefixes
are a different story of course.

Hesham

> 
> Cheers,
> 
> a+

References:
- Re: Node Requirements: Issue 13 - CGA/SeND support
  - From: Arnaud Ebalard

Prev by Date: Node Requirements: Issue 14 - Privacy Extensions
Next by Date: Node Requirements: issue 17 - MIPv6
Previous by thread: Re: Node Requirements: Issue 13 - CGA/SeND support
Next by thread: Re: Node Requirements: Issue 13 - CGA/SeND support
Index(es):
- Date
- Thread

Re: Node Requirements: Issue 13 - CGA/SeND support

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.