Let's talk text (was Re: EAP over IKEv2 as the default mechanism for HMIPv6)

>
> - The current text seems to make certs the default and
EAP a backup
> option. I think that both options should be equally
weighted.
>
> - Since 4306 does not mandate EAP, I think EAP is a
MUST for HMIP, to
> ensure interoperability. If 4306 does not mandate
certs, that should
> also be included as a MUST, i.e. both options need to
be available for
> interoperability.
>
> - I think the text should discuss the drawbacks of each
option from a
> deployment standpoint as guidance to people who are
deploying it. I
> think this should be included in the "Security
Considerations" section.
>
> - I think the text should point to
draft-ietf-mip6-ikev2-ipsec-07.txt,
> draft-ietf-mip6-bootstrapping-split-03.txt, and
> draft-ietf-mip6-bootstrapping-integrated-dhc-01.txt (if
relevant) and
> specify what details in those drafts can be reused for
HMIP security
> and what details need to be changed (if anything) and
what those
> changes are.
>
> - I think it would make sense to include self-signed
certs as an
> infrastructureless option, but that might require more
changes, as
> Vidya suggested. I think these are certainly
worthwhile, the WG needs
> to consider whether it is worth taking the time to work
through them.
All good suggestions, agreed.

--Jari


_______________________________________________
Mipshop mailing list
Mipshopietf.org
https:
//www1.ietf.org/mailman/listinfo/mipshop

I agree with all the suggestions as well.  

Vidya

> -----Original Message-----
> From: Jari Arkko [mailto:jari.arkkopiuha.net] 
> Sent: Monday, November 27, 2006 12:51 PM
> To: James Kempf
> Cc: Narayanan, Vidya; Vijay Devarapalli; mipshopietf.org
> Subject: Re: [Mipshop] Let's talk text (was Re: EAP
over 
> IKEv2 as the default mechanism for HMIPv6)
> 
> 
> >
> > - The current text seems to make certs the default
and EAP a backup 
> > option. I think that both options should be
equally weighted.
> >
> > - Since 4306 does not mandate EAP, I think EAP is
a MUST 
> for HMIP, to 
> > ensure interoperability. If 4306 does not mandate
certs, 
> that should 
> > also be included as a MUST, i.e. both options need
to be 
> available for 
> > interoperability.
> >
> > - I think the text should discuss the drawbacks of
each 
> option from a 
> > deployment standpoint as guidance to people who
are deploying it. I 
> > think this should be included in the
"Security 
> Considerations" section.
> >
> > - I think the text should point to 
> draft-ietf-mip6-ikev2-ipsec-07.txt,
> > draft-ietf-mip6-bootstrapping-split-03.txt, and 
> >
draft-ietf-mip6-bootstrapping-integrated-dhc-01.txt (if 
> relevant) and 
> > specify what details in those drafts can be reused
for HMIP 
> security 
> > and what details need to be changed (if anything)
and what those 
> > changes are.
> >
> > - I think it would make sense to include
self-signed certs as an 
> > infrastructureless option, but that might require
more changes, as 
> > Vidya suggested. I think these are certainly
worthwhile, 
> the WG needs 
> > to consider whether it is worth taking the time to
work 
> through them.
> All good suggestions, agreed.
> 
> --Jari
> 
> 

_______________________________________________
Mipshop mailing list
Mipshopietf.org
https:
//www1.ietf.org/mailman/listinfo/mipshop