One more editorial comments, the introduction should include the scope of this document. It should at least mention this document is focus on SECURE ND proxy rather than only introduce ND proxy. It is good for context.
Best, Sheng >-----Original Message----- >From: [email protected] >[mailto:[email protected]] On Behalf Of Sean Shen >Sent: Monday, December 22, 2008 5:46 PM >To: [email protected] >Subject: [CGA-EXT] Review: draft-ietf-csi-sndp-prob-00 > >hi, >I had a first review and have the following comments: > >Section 2.2: >Did not under stand what the "this latest" refer to, can you >clarify it? If it refer to security gateway, the very last >sentense does not look right. > >Section 2.3: >I understand the problem statements for NS&NA and RS&RA >process. I think it should at least be mentioned what will >happen to periodical RAs when proxying. > >Is some sort of "flag" needed to indicate proxying? Maybe is >already mentioned somewhere but I didn't see, or do we need it? > >Section 4.1 & Section 4.2 >These two parts make sense to me: when a proxy use its own CGA >and key to protect the message, authorizaiton is needed; if >proxy does not have a CGA, non-CGA authentication is needed >for proxying. My question is, when a proxy uses its own CGA >and key, it already leave evidence of what he did. If the >proxy did anything unproper or unauthorized, he can be caught. >What I mean >is that, authorization mechanism may not be necessary in this case. > > >Potential approaches: >I know it's not a good time to disscuss more details about >solutions, but I hope to write down this question for future >discussion: when Proxy has it's own CGA, is it possible to for >the proxy to relay the messages (include the whole original >message) between solicitors and MN, sign the relayed messages >with proxy's key? > > >Best, > >Sean > > > > >_______________________________________________ >CGA-EXT mailing list >[email protected] >https://www.ietf.org/mailman/listinfo/cga-ext > _______________________________________________ CGA-EXT mailing list [email protected] https://www.ietf.org/mailman/listinfo/cga-ext
