Hi,

I had a first review and have the following comments:

Section 2.2: I did not understand what "this latest" refers to; can you clarify it? If it refers to the security gateway, the very last sentence does not look right.

Section 2.3: I understand the problem statements for the NS&NA and RS&RA processes. I think it should at least be mentioned what will happen to periodical RAs when proxying. Is some sort of "flag" needed to indicate proxying? Maybe it is already mentioned somewhere but I didn't see it, or do we need it?

Section 4.1 & Section 4.2: These two parts make sense to me: when a proxy uses its own CGA and key to protect the message, authorization is needed; if the proxy does not have a CGA, non-CGA authentication is needed for proxying. My question is, when a proxy uses its own CGA and key, it already leaves evidence of what he did. If the proxy did anything improper or unauthorized, he can be caught. What I mean is that an authorization mechanism may not be necessary in this case.

Potential approaches: I know it's not a good time to discuss more details about solutions, but I hope to write down this question for future discussion: when the proxy has its own CGA, is it possible for the proxy to relay the messages (including the whole original message) between solicitors and the MN, and sign the relayed messages with the proxy's key?

Best,
Sean
