[anonsec] multihoming and btns
mcr at sandelman.ca
Wed Jul 25 23:18:38 PDT 2007
Black_David at emc.com wrote:
> Taking the areas in reverse order, the current sections 6.1 and
> 6.2 of the draft essentially say that NAT, mobility and multihoming
> issues are out of scope. Whether they are out of scope is a longer
I believe that we should make mobility out of scope.
Actually, I am uncertain I know what it means to have mobility and BTNS.
Someone could contemplate mixing MOBIKE and BTNS. I don't initially see
a reason why this can't be done at the protocol level.
The issue is that you can't construct a sane/safe security policy.
The major concern is that I think that BTNS will mostly be used for
host/32<->host/32 connections, or in transport mode. I.e. BTNS will be
constrained to permit some remote host to assert its own IP.
MOBIKE, however, deals with someip/32===changingip/32...host connections,
and deals with how to change "changingip". I don't see how you can mix these
things. If you write a security policy that says that anyone out there can
assert any IP... well, it's not much of a policy.
The only other kind of mobility that I can see being mixed in with BTNS
is stuff described in the IFARE stuff. Let's leave that out of scope for
BTNS as well.
I don't think we can make mobility in scope.