All
One of the key things that we all need to
press on, is to FORCE the IPSec vendors to STANDARDIZE their implementations
and terminology so that IPSec interoperability is actually achievable (without
one of the few existing real IPSec wizards) by normal networking/security
folks.
This will be especially problematic for
aviation since we will have so many different PKIs to interface with and our
aircraft will have to seamlessly handoff from PKI to PKI around the world to
re-establish their IPSec tunnels as they change Navigation Service Providers.
For us, having a “single vendor” IPSec solution or “single
PKI” solution (which is how the corporate world solves the IPSec
non-interoperability problem now) for aviation is a true “non-starter”.
All that said, from my point-of-view,
IPSec MUST remain mandatory in IPv6; it may need another working group to get
implementations and interfaces standardized though.
Take care
Terry
PS: This is also very problematic for DNSSec which has become
critical for the TLDs. I expect some interesting discussions on that in Cairo next week.
From: mext-bounces at ietf.org
[mailto:mext-bounces at ietf.org] On Behalf Of Behcet
Sarikaya
Sent: Monday, October 27, 2008
2:21 PM
To: Basavaraj Patil; mext at ietf.org
Subject: Re: [MEXT] FW: New
Version Notification fordraft-patil-mext-mip6issueswithipsec-00
Hi Raj,
I read this draft with interest. I remember long and heated debate in
6man list on IPSec being mandatory in IPv6.
Overall I kind of disagree with you saying that MIPv6 hasn't been widely
deployed just because of IPSec. Probably the status of IPv6 deployment has
something to do with it.
Regards,
Behcet
From: Basavaraj Patil
<basavaraj.patil at nokia.com>
To: "mext at ietf.org"
<mext at ietf.org>
Sent: Monday, October 27, 2008
12:27:33 PM
Subject: [MEXT] FW: New Version
Notification for draft-patil-mext-mip6issueswithipsec-00
FYI,
------ Forwarded Message
From: ext IETF I-D Submission Tool <idsubmission at ietf.org>
Date: Mon, 27 Oct 2008 09:55:13 -0700 (PDT)
To: Basavaraj Patil <basavaraj.patil at nokia.com>
Cc: Charles Perkins <charliep at wichorus.com>, <Hannes.Tschofenig at gmx.net>
Subject: New Version Notification for
draft-patil-mext-mip6issueswithipsec-00
A new version of I-D, draft-patil-mext-mip6issueswithipsec-00.txt has been
successfuly submitted by Basavaraj Patil and posted to the IETF repository.
Filename: draft-patil-mext-mip6issueswithipsec
Revision: 00
Title: Issues related to the design choice of IPsec for Mobile IPv6
security
Creation_date: 2008-10-27
WG ID: Independent Submission
Number_of_pages: 15
Abstract:
Mobile IPv6 as specified in RFC3775 relies on IPsec for security. An
IPsec SA between the mobile node and the home agent provides security
for the mobility signaling. Use of IPsec for securing the data
traffic between the mobile node and home agent is optional. This
document analyses the implications of the design decision to mandate
IPsec as the default security protocol for Mobile IPv6 and recommends
revisiting this decision in view of the experience gained from
implementation and adoption in other standards bodies.
The IETF Secretariat.
------ End of Forwarded Message
_______________________________________________
MEXT mailing list
MEXT at ietf.org
https://www.ietf.org/mailman/listinfo/mext
