Re: Last Call Comments on draft-ietf-shim6-hba-04

2007-11-25 08:46:09
At Sun, 25 Nov 2007 10:35:20 +0100,
Hannes Tschofenig wrote:
> Hi Ekr,
>
> Eric Rescorla wrote:
> > At Sat, 24 Nov 2007 23:23:58 +0100,
> > Hannes Tschofenig wrote:
> > > I reviewed the document as well.
> > >
> > > I got the impression that CGAs are not really going to see larger
> > > deployment anytime soon.
> >
> > Well, that may be true, but if that's the rationale for this work
> > it has a number of implications:
> >
> > 1. It casts severe doubt on any proposed future work on CGAs--such
> >    as the CSI BoF being held in YVR.
>
> I see it differently. The proposed BOF tries to incorporate the fact
> that most networks use DHCP for address configuration.
> Reflecting deployment facts seems to be reasonable to me.

I'm really confused by this argument. Either CGA has a future or
it doesn't. If it does, then the arguments for HBA become
incredibly weak. If it doesn't, then there's no point in
doing work on new ways to issue CGAs.

> > 2. There needs to be some plausible rationale for why HBA won't
> >    suffer the same nondeployment fate as CGA, not just that
> >    HBA has a cooler sounding acronym.
>
> Well. A lot of the mobility work is an investment into the future.
> Almost everything done in the area of mobility has been done many, many
> years before there was concrete interest in deploying it.

Yes, I understand that, but again, your argument proceeds from the
premise that people won't want to deploy CGA. Given that substantial
effort was invested in that, I think it's reasonable to take
a step back and ask why some new approach will be more attractive,
not just assume that it will be because it points in some different
direction.

> > > HBA seems to be a simple and lightweight alternative (although I am not
> > > convinced about SHIM6 in general).
> >
> > In what way is HBA any more lightweight than CGA?
>
> Computational overhead.

I already addressed this point in my review. The signatures
are performed so rarely that I don't see any evidence that
this is a significant bottleneck. If you have some model
that shows otherwise, I'd be happy to hear it.

-Ekr




_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf