[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: GSE

To: multi6@ops.ietf.org
Subject: Re: GSE
From: "J. Noel Chiappa" <jnc@ginger.lcs.mit.edu>
Date: Sun, 3 Nov 2002 20:17:44 -0500
Cc: jnc@ginger.lcs.mit.edu

    > From: Iljitsch van Beijnum <iljitsch@muada.com>

    > using identifiers with regular IPv6 unicast semantics will make the
    > transition a lot easier as it allows .. providing the multihoming
    > support in separate boxes.

Umm, wouldn't you fall across the connection-hijacking issues that i)
prevented use of source route to do mobility in MIPv4, and ii) led to the
heavy-duty authentication in MIPv6?

In other words, I'm assuming you have a "multihoming support box" (MSB) which
is adding an extra layer of wrapping so that the destination address in the
inner packet is the "host identifier" of the destination, which never
changes, and the outer packet contains the current "locator".

This sounds just like MIPv6, and has all the MIPv6 security issues. Or did I
mis-understand something? E.g. were you not planning to support keeping
connections up when one address stops working?

	Noel

Prev by Date: The cost of privacy (was Re: Notes about identifier - locator separator)
Next by Date: Re: The cost of privacy (was Re: Notes about identifier - locator separator)
Previous by thread: Re: GSE
Next by thread: RE: GSE
Index(es):
- Date
- Thread