Re: IPv6 Security Last Call Initial Questions (per user keying)



There has been some discussion (I apologize if I missed some of it, I am
traveling and having trouble keeping up with all of my e-mail) about the
per-user keying mandate. Specifically the justification given in the drafts
is pretty weak. However there are important reasons for supporting it. I
sent the following paragraph to Ran for consideration as an alternative
justification:

"IPv6 Security is intended to be able to provide Authentication,
Integrity and Confidentiality for application programs operating on
connected end-systems. Integrity and confidentiality can be
provided by the proper use of per-host keys. However authentication of
principals using applications on end-systems requires that processes
running such applications have the necessary facilities to set up their
own Security Parameters Indices. In this fashion applications can make
use of key distribution facilities which provide authentication."

What do people think?

                                -Jeff



