
Re: Notes about identifier - locator separator



-----BEGIN PGP SIGNED MESSAGE-----


>>>>> "Pekka" == Pekka Nikander <Pekka.Nikander@nomadiclab.com> writes:
    Pekka> 1. Architectural "structure" of the identifiers

    Pekka>     From my point of view, there are two different basic
    Pekka>     approaches:

    Pekka>       a) make the end-point identifiers a completely
    Pekka>          separate name space

  To me, this is trivially done by either extension headers, or layers
of IP/IP. The latter has the advantage that it naturally fits into IPsec.

    Pekka> 2. Translations

    Pekka>     Here I see two basic solutions, again:

    Pekka>       a) perform the identifier -> locator translation at
    Pekka>          the end-host so that all packets leaving the end-host
    Pekka>          have a proper locator,

    Pekka>       b) allow the identifiers to leave the end-host without
    Pekka>          locators, and perform the translation within the
    Pekka>          network, e.g., at a site border router.

  IPsec-type processing permits either. This is just gateway vs host.
We also can do bump-in-the-stack/wire, but I hope we won't.

    Pekka> 4. Backwards compatibility

  This is equivalent to saying that one will permit cleartext traffic
to single-homed boxes whose locator = end-point identifier.  

    Pekka> 5. Security and privacy

  We have solutions to this problem.

    Pekka>     From the privacy point of view, it would be a
    Pekka>     definite plus if the actual, long lasting identifiers
    Pekka>     would not be visible in packets.  There are

  It would be even better if the whole data contents were private.
  If the "cost" of being multihomed is that you have to strongly authenticate
and/or encrypt your data... well... I'll be pushing everyone to become multihomed!

]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
Comment: Finger me for keys

iQCVAwUBPcRKbYqHRg3pndX9AQGO4wP+MCBNd+dHXPMjrOaCJlMj2oYsuYCJji4g
ch4SGUMWh/Phh+cBrW4Xga4x8bo5+goCznUUlMmE5saFKI1REwwbZAOBU5wCQ2Ck
lt9eYYjdjbjQ1df7VC0CzonBGjii33zZdGYtXl/gCIVEPAgUA1Ozx3PlpAryc8aR
z+r0upumpxs=
=ixLi
-----END PGP SIGNATURE-----