On 10 Jun 2010, at 10:47 , Patrick Frejborg wrote:
> Couldn't open this one
> http://www.cs.st-andrews.ac.uk/~saleem/papers/2009/milcom2009/milcom2009-rab2009.pdf
> Firefox reported it broken

Hmm. I just was able to click on that and have the PDF open.
So I'm not sure what happened. Maybe some transient network
issue somewhere.

I apologise for being very unclear in my earlier note.
I actually meant the other MILCOM 2009 paper online:

  R. Atkinson & S. Bhatti,
  Site-Controlled Secure Multi-homing and Traffic Engineering for IP,
  28th IEEE Military Communications Conference (MILCOM),
  Boston, MA, USA, October 2009

(I just verified that link from the ilnp.cs.st-andrews.ac.uk site,
and it opened the right PDF, at least for me.)

> However, it could be hard to sell this to the security officers, i.e.
> having an external partner updating their ACL or firewall rules
> automatically....

Hmm. It isn't really "having an external partner update
their ACL or firewall rules", but instead using learned
local-knowledge (knowledge that can be authenticated!)
to locally update local ACL or firewall rules.

That is, the ruleset remains whatever was locally chosen,
it is just that as the location change is learned and then
the same locally-specified rule is applied to the same
locally-specified node/site, at the remote node/site's
new location.

There are multiple authentication mechanisms for those
ICMP Locator Updates:
  - non-cryptographic session nonces are always used
  - cryptographic authentication of the packet (IPsec AH)
    can optionally be used

Separately, DNS with DNS Security can be used to retrieve
the revised Locator value(s) from the DNS && the mobile
site/node can use Secure Dynamic DNS Update to send the
revised Locator value(s) to its authoritative DNS Servers.

(I think the authentication aspect of the updates is
pretty thoroughly covered in the current ILNP specs.)

>> This is no longer true. The bandwidth pressures created
>> by various "smart phones" mean that mobile phone operators
>> are quite keen to encourage their users to migrate to WiFi
>> if they roam to an area with good WiFi coverage (for example),
>> at least for data traffic (Handoffs of voice telephony traffic
>> to WiFi is still in flux in the marketplace).

> Think the reason is that the current TDM connections are
> too expensive and get filled by data that is not generating
> much revenue. This model could change back once carrier ethernet
> is available, they should be much much cheaper than the TDM
> connections.

That could be true for some operators in some places.

The subset of mobile telephone operators who already have
deployed Carrier Ethernet over glass that I happen to have
talked with told me that (for them at least) the bandwidth
of the radio links is the fundamental limitation (and they
told me that moving to any of the 4G radio technology
options doesn't alleviate that limitation for them).

Of course, "mileage could vary" from one operator,
location, or regulatory environment to another.

Also, not all IP carriers use mobile telephone technology,
some use copper wires (e.g. DSL), fibre-optic cables
(e.g. Verizon FIOS), hybrid fibre-coax (HFC), or other
wireless technologies (e.g. WiMAX as a "last mile"
point-to-point link).

Cheers,

Ran
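
A simplified model of the locally applied rule described in the message above, added here as an illustration and not taken from the ILNP specifications or from the thread: the rule set is written against a node identifier, and a Locator Update carrying the session nonce only changes which Locator that identifier maps to. Class names, the message shape and the sample prefixes are assumptions; the optional IPsec AH and DNS Security paths are not modelled.

```python
import hmac
import secrets
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Rule:
    peer_id: str      # node identifier the local admin wrote the rule for
    port: int
    action: str       # "permit" or "deny"
@dataclass
class LocalFilter:
    rules: tuple                                   # locally chosen; updates never touch it
    locators: dict = field(default_factory=dict)   # peer_id -> current Locator
    nonces: dict = field(default_factory=dict)     # peer_id -> session nonce

    def open_session(self, peer_id, locator):
        """Record the peer's Locator and the nonce used for this session."""
        nonce = secrets.token_bytes(8)
        self.locators[peer_id] = locator
        self.nonces[peer_id] = nonce
        return nonce

    def locator_update(self, peer_id, new_locator, nonce):
        """Accept a Locator change only if it carries the session nonce."""
        expected = self.nonces.get(peer_id)
        if expected is None or not hmac.compare_digest(expected, nonce):
            return False            # unauthenticated: binding stays as it was
        self.locators[peer_id] = new_locator
        return True

    def decide(self, src_locator, port):
        """Map the source Locator to a known peer, then apply the local rules."""
        for rule in self.rules:
            if self.locators.get(rule.peer_id) == src_locator and rule.port == port:
                return rule.action
        return "deny"               # default deny

def demo():
    # Constructed sample values (documentation prefixes, hypothetical peer name).
    fw = LocalFilter(rules=(Rule("partner-node", 443, "permit"),))
    before = fw.rules
    nonce = fw.open_session("partner-node", "2001:db8:a::")
    forged = fw.locator_update("partner-node", "2001:db8:bad::", b"\x00" * 8)
    moved = fw.locator_update("partner-node", "2001:db8:b::", nonce)
    return {
        "forged_accepted": forged, "move_accepted": moved,
        "old_locator": fw.decide("2001:db8:a::", 443),
        "new_locator": fw.decide("2001:db8:b::", 443),
        "forged_locator": fw.decide("2001:db8:bad::", 443),
        "rules_unchanged": fw.rules == before,
    }
```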