[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Design] Re: Wes Hardaker: opportunistic encryption deployment problems
-----BEGIN PGP SIGNED MESSAGE-----
>>>>> "Francis" == Francis Dupont <Francis.Dupont@enst-bretagne.fr> writes:
Francis> In your previous mail you wrote:
MAT> Also: I think the MIP experience sez that we ought to consider
MAT> whether we'd want such a PKI even if it were possible.
Francis> => we leave the technical domain there... I've never seen a
Francis> rational argument about this!
But, back to a technical question.
If I have just dialed up to an ISP and been assigned an IP address, how can
I prove that I'm the legitimate owner of that IP address?
(PPPoE makes "dialup" still a part of many high speed connections now...)
If this is a cooperative ISP, they could issue me a short-lifetime
certificate attesting to this. Perhaps this should be done at the PPP layer
rather than IP as this assures link layer integrity, but that likely is not
as easy to deploy as using a standard enrolment protocol over TCP.
A note: Mobile IP does not need this at all unless your "home address" is
a dialup.
] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: latin1
Comment: Processed by Mailcrypt 3.5.6, an Emacs/PGP interface
iQCVAwUBO3wo14qHRg3pndX9AQEakgQA6Eb46iqYMinzRsPkJbJjKct/1/mTVaBa
LyE+F5TjSqoUZp7qksNtS/XIK4aOZL0wBu5FqgmLX8m8QGIOcRuCjZBEPXEuppgZ
0IdoknBZEQZYzydZ8DAvBGhgxvFei/ExxNeN0NWSX9Iq2BVEEqGIa7HHBiGt2n/R
gF3uUFxptyA=
=7WQk
-----END PGP SIGNATURE-----
References: