
Re: FQDN authorization and splitting drafts (was Re: Concensus Call: DNS Up: msg#00118

ietf.mip6

Subject: Re: FQDN authorization and splitting drafts (was Re: Concensus Call: DNS Update for Bootstrapping)

>
> IMO, this is explained clearly in the draft. if not the
> draft can be clarified as you want. which part of the draft
> is not clear?
>

The draft states:

"Since the DNS update must be performed securely in order to
prevent attacks or modifications from malicious nodes, the node
performing this update must share a security association with the
DNS server..."

And then states:

"Therefore, due to security and administrative reasons, it is
RECOMMENDED that the Home Agent perform DNS entry update for the
Mobile Node...."

This is misleading. You are not solving the above problem of generally
protecting against all malicious nodes. You are specifically solving
the problem of "a node being trusted to provide the right FQDN
providing the wrong HoA". The definition of a malicious node is really
much broader and can be subject to interpretation.

Even in section 9.5, the draft talks about the fact that FQDN
ownership can be taken care of with DNSSEC, while address ownership
can't. It fails to mention that with the HA performing the DNS update,
it is the exact reverse - while address ownership is taken care of,
FQDN ownership isn't. I think it should be clearer that we cannot get
FQDN *and* address ownership if that was needed.

>
> nope. we already have too many drafts for MIP6 bootstrapping.
> it becomes a mess when somebody tries to implement all
> the stuff. so far there are potentially 9 drafts if we talk
> about a complete MIP6 bootstrapping solution.
>

Whether it is the 9 documents listed below or a shorter list as
Francis says, I am sorry to say that this seems to be taking the
doomed path of IKEv1. The kind of cross references we will have here
is going to be bad. (Not to mention that bootstrapping mip6 technically
doesn't compare in complexity to IKE in any dimension!!). Also, we
shouldn't say "bootstrapping with IKEv2" if parts of that document are
meant to be a base document that other bootstrapping documents will
refer to.

Vidya


> 1. bootstrapping with IKEv2
> 2. bootstrapping with IKEv1
> 3. bootstrapping with the authentication option protocol
> 4. bootstrapping with DHCP
> 5. DHCP options for bootstrapping
> 6. bootstrapping problem statement draft
> 7. HA-AAAH interface goals document
> 8. RADIUS extensions to support NAS-AAA and HA-AAAH interfaces
> 9. Diameter extensions to support NAS-AAA and HA-AAAH interfaces
>
> > The topic of auth option protocol keeps coming up - this draft does
> > not provide bootstrapping solutions for the auth option protocol. That
> > work is yet to be done. In fact, I thought it wasn't even in the scope
> > of the design team to do that work. If we are talking about the auth
> > protocol, I think there is a lot more to discuss here than just DNS.
>
> the design team consensus was that it is out of scope. it
> will be an individual draft. it will be out soon.
>
> > Does this make sense to anyone?
>
> you haven't actually explained what is not clear in the
> split bootstrapping document. we can clarify that.
>
> Vijay
>
>

