Miika,

> I don't think we need XORring with HIP because we have more powerful
> mechanisms in HIP. So, I am going to add some text that mandates that
> the LOCATOR parameter must be encapsulated inside ENCRYPTED parameter
> when ICE-HIP-UDP will be used. The tradeoff here is that we favor
> end-host privacy at the cost of middlebox transparency.

Seems like a good use of ENCRYPTED to me. I'm not sure what kind of middlebox would need to know all of the address candidates. Maybe some extra signaling could be devised when that needs to happen (like a HIP-aware middlebox where addresses can be communicated via HIP.)

Thanks for continuing the work on this!

-Jeff
