
Re: (multi6) requirements draft comments





>>>>> "Craig" == Craig A Huegen <chuegen@cisco.com> writes:
    Craig> While I agree with your sentiment, I believe there are multiple
    Craig> classes that must be considered.  I don't believe that a user
    Craig> should be able to inject global prefixes from a cable modem and a
    Craig> DSL line at home; however, I do believe there's room for global
    Craig> prefixes to be injected by large, multi-national enterprises as
    Craig> end-users.  I ask for caution within this community not to condemn
    Craig> a solution that may be right for the very large end-users because
    Craig> of a fear someone might want to apply it to home networks --
    Craig> they're vastly different beasts.

  I believe that there are three solution spaces:
    1) large multi-national enterprise solutions.
       (if you have geographically relevant addressing, either via
       geo-PI, or via national governments doing all assignments. Perhaps
       not a reality in the "free markets", but possibly true for other
       less free areas, but also places like Antarctica, the Moon, Mars...)

       This is more or less the BGP solution space.

    2) network layer solutions.
       mobile-IP like systems.
         Some people believe that this requires some kind of global PKI
         on the reverse name space. (note: PKI = PK infrastructure, which
         may be PK+DNSSEC. It may not imply x509/pkix)

       opportunistic-encryption-like-tunnel systems.
         Given the above global PKI, you can assign PI addresses to everyone
         which are *not* routed. You can then advertise how to get to these
         places by putting stuff into DNS reverse map.
               (see draft-richardson-ipsec-opportunistic-03.txt)
         This is no different than the mobile-IP system, it just never tries
         to optimize anything.

       HIP-like systems - a variation of the above where IP addresses
         become meaningless, and hashes of public keys terminate
         connections.

    3) transport layer solutions.
       Just use SCTP for everything with PA addressing.

  None of these solutions are even exclusive. I can see all three systems
occurring at the same time.

]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy");  [
