[anonsec] mobility and btns
Michael Richardson
mcr at sandelman.ca
Thu Jul 26 00:01:40 PDT 2007
wrong subject. sorry.
Michael Richardson wrote:
> Black_David at emc.com wrote:
>> Taking the areas in reverse order, the current sections 6.1 and
>> 6.2 of the draft essentially say that NAT, mobility and multihoming
>> issues are out of scope. Whether they are out of scope is a longer
>
> I believe that we should make mobility out of scope.
> Actually, I am uncertain I know what it means to have mobility and BTNS.
>
> Someone could contemplate mixing MOBIKE and BTNS. I don't initially see
> a reason why this can't be done at the protocol level.
> The issue is that you can't construct a sane/safe security policy.
> The major concern is that I think that BTNS will mostly be used for
> host/32<->host/32 connections, or in transport mode. I.e. BTNS will be
> constrained to permit some remote host to assert its own IP.
>
> MOBIKE, however, deals with someip/32===changingip/32...host connections,
> and deals with how to change "changingip". I don't see how you can mix these
> things. If you write a security policy that says that anyone out there can
> assert any IP... well, it's not much of a policy.
>
> The only other kind of mobility that I can see being mixed in with BTNS
> is stuff described in the IFARE stuff. Let's leave that out of scope for
> BTNS as well.
>
> I don't think we can make mobility in scope.