[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Mip6] Re: RFC2136 and IP address ownership

To: "Olaf M. Kolkman" <olaf@nlnetlabs.nl>
Subject: Re: [Mip6] Re: RFC2136 and IP address ownership
From: Vijay Devarapalli <vijayd@iprg.nokia.com>
Date: Wed, 07 Dec 2005 12:01:14 -0800
Cc: Alper Yegin <alper.yegin@yegin.org>, mip6@ietf.org, Olafur Gudmundson <ogud@ogud.com>, Namedroppers <namedroppers@ops.ietf.org>
In-reply-to: <BB916231-D3CB-4FB0-BDCB-489FC2A27D0E@nlnetlabs.nl>
References: <002401c5f9ea$64757550$0302a8c0@Alperyegin> <B6E376C2-58D5-4A6E-8283-3B18EDFF1AB5@nlnetlabs.nl> <4395E30E.5050804@iprg.nokia.com> <BB916231-D3CB-4FB0-BDCB-489FC2A27D0E@nlnetlabs.nl>
User-agent: Mozilla Thunderbird 1.0.7 (Windows/20050923)

[ Moderators note: Post was moderated, either because it was posted by

a non-subscriber, or because it was over 20K.With the massive amount of spam, it is easy to miss and thereforedelete relevant posts by non-subscribers.Please fix your subscription addresses. ]


Olaf M. Kolkman wrote:

I can briefly describe whats in the draft. what we have done so
far is to let the home agent do the update (both direct and
reverse tree) instead of the mobile node. this assumes the home
agent is more trusted than the mobile node.
And would the mobile node have an IP6 address on the access network(i.e. roaming far away from its home agent) for which it would need toupdate the reverse DNS?


no. the DNS update is only for the home address. and the
home address is allocated from the home link.

Vijay

My general thinking goes into the direction of SIG0 basedauthentication. I think that can be made to work but I need tounderstand the relation between the maintainer of the DNS in theforward tree(s), the maintainer of the DNS in the reverse tree, and themaintainer of the mobile agent, the mobile client and the networksinvolved.
Obviously you will need to store the client's public keys somewhere inthe DNS, that could be a duty of the home agent during thebootstrapping phase. The maintainers of the several pieces of DNSnamespace should then put trust into those keys.
This technology (SIG0 based dynamic updates of secured zones) works  today.
And now I should really scheadule some time to read about the generalMIP6 architecture, for now I am just thinking out loud, a bad practice :-)
--Olaf

-----------------------------------------------------------
Olaf M. Kolkman
NLnet Labs
http://www.nlnetlabs.nl/





--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>

References:
- Re: RFC2136 and IP address ownership
  - From: "Olaf M. Kolkman" <olaf@NLnetLabs.nl>
- Re: [Mip6] Re: RFC2136 and IP address ownership
  - From: Vijay Devarapalli <vijayd@iprg.nokia.com>
- Re: [Mip6] Re: RFC2136 and IP address ownership
  - From: "Olaf M. Kolkman" <olaf@NLnetLabs.nl>

Prev by Date: Re: DS Algorithm selection and SHA1 deprecation
Next by Date: Re: DS Algorithm selection and SHA1 deprecation
Previous by thread: Re: [Mip6] Re: RFC2136 and IP address ownership
Next by thread: Release-0.2 TAHI DNC client conformance test tool
Index(es):
- Date
- Thread