
Re: Transport multihoming



> > I'm not really sure about this (please correct me), but HIP seems to
> > support just one address, that may be changed for another one with the
> > Readdress packet. Maybe that's a hard constraint, EPCP supports several
> > simultaneous addresses, even IPv4 and IPv6 altogether.
> 
> In draft-jokela-*-01.txt the HIP REA packet has been fixed to
> support multi-homing, and per-interface mobility.  However, the
> RR check is still missing.  We know that.

Time to go to the library :)
 
> OK.  I have then the same basic problem with this as with LIN6.
> Both your proposal and LIN6 conceptually *overload* the same ID space.
> That causes alias problems, and potentially "stealing" problems.

I don't understand why having a separate space for ID alone solves the
stealing problem. Anyone can steal your ID unless crypto is used, of
course. Am I missing something?

Anyway, I didn't explain it well: Primary Address is employed by legacy
transport protocols to identify the peer. For the network layer it's
wiser to employ the Endpoint Identifier, which is set locally and is a
separate ID space.

> When the name spaces are completely different, the alias and "stealing"
> problems do not exist. Thus, the security requirements are slightly
> less strict. For example, CGA is not needed even in a "quick" mode,
> since address "ownership" is not an issue, it's who is using an address
> right now, not who used it before or whose primary identifier it is.
 
That is exactly what EPCP checks with RR+Endpoint Identifier, that an
address is used by the peer that tries to add it.

--Manuel