OPEN ISSUE: Standards Track
Charles E. Perkins
charliep at IPRG.nokia.com
Thu May 22 14:06:54 CEST 2003
Hello Steven,
"Steven M. Bellovin" wrote:
> It wasn't a matter of a "sophisticated and super robust security solution";
> it was a matter of one that would *ever* work outside a company.
This isn't true. A mobile node could roam outside a company,
and still get data from its home agent. I'm worried about
going over technical details on the problem statement list,
so I'll stop there.
> You can't do AH or ESP without keys; the difference is that we had a
> story about where those keys could come from even before we had a key
> distribution mechanism. The story was simple: pre-arranged keys.
Exactly.
> That only works for MobileIP if you can pre-arrange keys with every
> possible spot you'd ever roam to, which is quite at variance with the
> plans I'd heard for MobileIP.
No, you could do it with prearranged keys with the home agent
(as I hope you would agree), and prearranged keys with some
selected correspondent nodes.
> The only path forward we heard was, in
> effect, the One True PKI; that's something that will not, can not, and
> should not exist ("should not" because it would be horribly destructive
> towards any form of Internet privacy).
The other path, which _was_ articulated, was doing prearranged
keys first, and better key distribution later. Which is what
happened anyway, but we just couldn't publish the Proposed
Standard.
> I won't argue that point; however, any form of cryptographic
> authentication would run into the same key distribution problem.
> Very little of the issue had to do with the syntax or semantics of
> IPsec. You were running afoul of a basic architectural issue.
Actually, the situation was _far_ more complicated than that,
and IPsec produces serious constraints on what can be actually
run in a protocol. Again, this is far afield from the problem
statement list material.
> Let me expand a bit more on why IPsec can work (on a small scale)
> without key distribution, and on why the models are fundamentally
> different.
The scale for initial deployment with correspondent nodes would be
limited by the lack of key distribution. That was never at issue.
> With MobileIP, the mobile node and the home agent are trying to
> persuade random parts of the Internet infrastructure of assorted
> ownership and trust relationships. But where's the trust anchor?
What a lot of people wanted was the ability to run Mobile IP with
home agents and a few correspondent nodes. What the ADs demanded
was assurance that we could run Mobile IPv6 with an entire
IPv6-universe full of mobile nodes. It was and is a great goal.
I think we achieved it, but it shouldn't have stood in the way
of Proposed Standard.
Regards,
Charlie P.