On 25/07/09 12:07 AM, "Rémi Denis-Courmont" <r...@remlab.net> wrote:
>
On Fri, 24 Jul 2009 23:40:14 +1000, Hesham Soliman
<hes...@elevatemobile.com>
> wrote:
>> SeND is theoretically not easy to deploy - you need to provision
>>
> cryptography material on all nodes.
>
> => Why? You only need to provision
> routers if you want them to support
> proof of prefix ownership, but you
> certainly don't need to provision
> all nodes, that's the advantage of
> CGAs.
> First, you need a trust anchor to verify. Trust cannot be bootstrapped
> out
of nothing, or I missed something?
=> I'm clearly not talking about routers. You said that you need to
configure "all nodes" that's simply not true for proving address ownership,
that's why we use CGAs, to avoid bootstrapping trust.
As far CGAs, they require a "postcard"
> IPR license from Microsoft:
https://datatracker.ietf.org/ipr/676/
which -I
> assume- makes them legally incompatible with the Linux IPv6 stack
in USA.
=> Completely different issue, which is clearly understood by all those OSs
supporting SeND.
Hesham
--
>
Rémi
> Denis-Courmont
--------------------------------------------------------------
> ------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative
> Requests:
> https://www.ietf.org/mailman/listinfo/ipv6
-----------------------------------
> ---------------------------------
--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
