End-host multi-homing (was Re: The state of IPv6 multihoming development)
[I changed the subject to match content.  Besides,
 this starts to go off-topic.  But a part of this
 discussion is already moving elsewhere.]

Hm, what problem exactly does this solve that isn't solved by (for
instance) SSL?

That is a subtle question, thanks for asking that.  That is also
exactly the question which has prevented HIP from becoming a WG
a long time ago.  I think that the multi6 list is perhaps not the
right place to discuss that question, the answer is too long.

If the answer is so long, how do you expect to convince people they need
it...?

Well, to give a short answer, HIP doesn't fit into the way
people are used to working at the IETF:  take one problem, and
solve it.  And that's the reason why there is no HIP WG,
at least as far as I understand the situation.  I didn't
have the discussions with the IESG, so I don't know.

Anyway, I'll write a longer one to the hipsec list, explaining
the details, but here is the condensed answer:

  HIP does not solve any new problems (except perhaps
  IPv6 end-host multi-homing).  Instead, it solves a number
  of problems that have already been solved individually,
  but in an integrated and architecturally "better" way.

(If you don't want to subscribe to the hipsec list, the
archive is at http://lists.freeswan.org/pipermail/hipsec/)

 2. End-host based multi-homing solutions *seem* to have the
    same security problems as (some) end-host mobility solutions.

That's what everyone has been saying the last few days. However, I see
some fundamental differences. First of all, in multihoming all the
addresses are known beforehand. This gives us more options to implement
security mechanisms. Second, mobile hosts are likely to travel to a
place where the network is less secure than at their home location. For
multihomed hosts, the security of their network connections doesn't
really change.

I agree and disagree.  As I already wrote in my answer to Peter,
if you take the view that end-host multi-homing is only for large
servers, I can't but agree with you.

However, I'm personally more interested in multi-homed end-user
devices, i.e. the future mobile devices and home appliances
with multiple simultaneous network connections.  There are
already now PCMCIA NICs available that are able to switch
from WLAN to GPRS to something else, and the next generation
NICs will be able to maintain a WLAN and a GPRS/EDGE connection
at the same time.  I have both an old ISDN line and an ADSL
line to my home server, and if I had a good end-host
multi-homing solution I could use the ISDN line as a good backup.
My current practice of manually changing the routing tables and
re-establishing TCP connections is not very transparent.
With a better multi-homing solution, maybe I could replace the
ISDN with a second ADSL or Cable.  Under the current arrangement
that doesn't make much sense.

Now, if we speak about this kind of end-host multi-homing,
then I don't think that the difference is so great.
Either you have multiple IP addresses at the same time,
or you have multiple IP addresses one after another,
or some combination of both.

So what?  Maybe we need not just different multi-homing
solutions for large sites and small sites, but also for
large stationary servers, home servers, and mobile multi-access
end-hosts.  I just don't know.  But so many solutions sure
sounds quite complex.

I'm just making an observation that to *me* the *security*
problems look pretty similar.  Maybe I'm wrong, I'm still
learning about multi-homing.

--Pekka Nikander