
RE: PI/metro/geo [Re: The state of IPv6 multihoming development]



RJ Atkinson wrote:
> ...
> Since we don't have it today, I don't see how demanding absolute
> uniqueness of identifiers is a reasonable thing to demand.

You get away without uniqueness today by bounding the scope of
uniqueness with a locator. If you explicitly remove that bounding
function by insisting that the locator is separable and mutable, you
make the problem of attributing security attributes to an identifier
more complex. 

> And forged identifiers are trivial today.

By closely associating the identifier with the locator, forgery that
actually results in a usable connection is traceable and
compartmentalized with natural trust boundaries. 

> In a new system there could be (at least) a mechanism
> for providing optional authentication of the identifier.

If the border router is going to use that identifier to look up the
current locator, the authentication component would be a requirement
prior to any modification of the locator table. This would also be a
requirement before updating any DNS entries. (I bring up that last point
because last week I was talking to Vixie about DNS trust boundaries and
one approach would be to allow record updates when the record matched
the source address of a node that had successfully completed the 3-way
TCP handshake.) 

Tony


> Ran
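The point Tony makes about the border router's locator table, that authentication of the identifier has to happen before any entry is modified, can be illustrated with a small model. The following is an added example written for this archive page, not code from either poster. It assumes (this is not stated in the thread) that each identifier has a verification key provisioned out of band, that updates carry an HMAC over identifier, new locator and a sequence number, and that the table refuses to mutate a binding unless the tag verifies and the sequence moves forward. The identifiers, keys and addresses are constructed for the demonstration; the TCP-handshake check for DNS updates mentioned at the end of the message is not modelled.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass


@dataclass
class Binding:
    """Current locator for an identifier plus the last accepted sequence number."""
    locator: str
    seq: int


def _message(identifier: str, locator: str, seq: int) -> bytes:
    """Canonical bytes covered by the MAC; fields are length-prefixed so
    ("ab", "c") and ("a", "bc") cannot produce the same input."""
    parts = [identifier.encode(), locator.encode(), str(seq).encode()]
    return b"".join(len(p).to_bytes(2, "big") + p for p in parts)


def make_update(key: bytes, identifier: str, locator: str, seq: int) -> dict:
    """What the node owning `identifier` would send to announce a new locator.
    Hypothetical message format; the key is the per-identifier secret."""
    tag = hmac.new(key, _message(identifier, locator, seq), hashlib.sha256).digest()
    return {"id": identifier, "locator": locator, "seq": seq, "tag": tag}


class LocatorTable:
    """Identifier -> locator mapping that only changes on authenticated updates."""

    def __init__(self) -> None:
        self._keys: dict[str, bytes] = {}        # identifier -> verification key
        self._bindings: dict[str, Binding] = {}  # identifier -> current binding

    def register(self, identifier: str, key: bytes, locator: str) -> None:
        """Trusted, out-of-band provisioning of identifier, key and first locator."""
        self._keys[identifier] = key
        self._bindings[identifier] = Binding(locator, 0)

    def apply_update(self, update: dict) -> bool:
        """Return True and rebind only if the update authenticates and is fresh.
        Every failure path leaves the table untouched."""
        ident = update["id"]
        key = self._keys.get(ident)
        if key is None:
            return False  # unknown identifier: nothing to authenticate against
        expected = hmac.new(
            key, _message(ident, update["locator"], update["seq"]), hashlib.sha256
        ).digest()
        if not hmac.compare_digest(expected, update["tag"]):
            return False  # tag does not verify: forged or tampered update
        current = self._bindings[ident]
        if update["seq"] <= current.seq:
            return False  # replayed or stale update
        self._bindings[ident] = Binding(update["locator"], update["seq"])
        return True

    def lookup(self, identifier: str):
        """What the border router would consult to forward toward an identifier."""
        binding = self._bindings.get(identifier)
        return None if binding is None else binding.locator


def demo() -> tuple:
    """Constructed scenario: a genuine rebinding, an update under the wrong key,
    and a replay of an already-accepted update."""
    table = LocatorTable()
    key_a = secrets.token_bytes(32)                    # constructed key for node-a
    table.register("node-a", key_a, "2001:db8:1::a")   # constructed addresses

    genuine = table.apply_update(make_update(key_a, "node-a", "2001:db8:2::a", 1))
    wrong_key = table.apply_update(
        make_update(b"not-the-real-key", "node-a", "2001:db8:ffff::1", 2)
    )
    replay = table.apply_update(make_update(key_a, "node-a", "2001:db8:2::a", 1))
    return genuine, wrong_key, replay, table.lookup("node-a")


if __name__ == "__main__":
    print(demo())  # (True, False, False, '2001:db8:2::a')
```

The verification step sits in front of the only code path that writes to the table, which is the property the message argues for: a separable, mutable locator is only safe to accept if the identifier claiming it has been authenticated first, and the sequence check keeps an old, genuinely signed update from being replayed once the node has moved again.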