Re: PI/metro/geo [Re: The state of IPv6 multihoming development]
On Monday, Nov 4, 2002, at 21:37 America/Montreal, Tony Hain wrote:
> You get away without uniqueness today by bounding the scope of
> uniqueness with a locator.
This is absolutely not true with the examples I gave.
> By closely associating the identifier with the locator, forgery that
> actually results in a usable connection is traceable and
> compartmentalized with natural trust boundaries.
This is also not true today. Forged IP addresses are not
compartmentalised today. And if there is a NAT anywhere along
the path, the recipient has no real idea where the packet
originated (nor does the NAT, because it could have been forged
before reaching the NAT). Forged domain names are quite
common in spam email. So for both forms of identifier that
we commonly use today, there is no global uniqueness, no guarantee
of traceability, and no compartmentalisation.
> If the border router is going to use that identifier to look up the
> current locator, the authentication component would be a requirement
> prior to any modification of the locator table.
We don't authenticate DNS names today when using them to look up
the IPv6 address of the target. We *should* in a perfect world,
but no one does because DNSsec is not deployed (and there are questions
of how deployable it is).
> This would also be a
> requirement before updating any DNS entries. (I bring up that last point
> because last week I was talking to Vixie about DNS trust boundaries and
> one approach would be to allow record updates when the record matched
> the source address of a node that had successfully completed the 3-way
> TCP handshake.)
Ah, so you consider man-in-the-middle attacks to not be part of your
threat model. Well that at least explains part of your commentary
above -- we still disagree because I think man-in-the-middle attacks
are pretty commonplace.
My claim was narrow: neither IP addresses nor FQDNs are globally unique
today in practice. You have not refuted that claim. What we have today
is probabilistic uniqueness of identifiers. Keeping that seems desirable
in a future identifier, but insisting on global uniqueness is
excessive, IMHO.
Ran
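The message above argues for "probabilistic uniqueness" rather than guaranteed global uniqueness of identifiers. The following is an added worked example, not part of Ran's mail or of any draft discussed on the list, that puts a number on that notion: it computes the birthday-bound collision probability for k identifiers drawn uniformly and independently at random from an n-bit space, the largest population that stays under a chosen collision probability, and an empirical check at a small bit width. The bit widths and target probabilities used in the demonstration (64 bits, 1e-6) are illustrative assumptions, not values taken from the thread.

```python
import math
import random


def collision_probability(n_bits: int, k: int) -> float:
    """Birthday-bound approximation: probability that at least two of k
    identifiers, each drawn uniformly and independently from 2**n_bits
    values, coincide.  Uses 1 - exp(-k(k-1)/2^(n+1)), which is accurate
    while k is well below 2^(n/2)."""
    if k < 2:
        return 0.0
    x = k * (k - 1) / 2 ** (n_bits + 1)
    # -expm1(-x) equals 1 - exp(-x) but keeps precision when x is tiny.
    return -math.expm1(-x)


def exact_collision_probability(n_bits: int, k: int) -> float:
    """Exact value from the product of 'no collision so far' factors.
    Loops k times, so only practical for small k; used here to check the
    approximation above."""
    space = 2 ** n_bits
    if k > space:
        return 1.0  # pigeonhole: more identifiers than values
    log_no_collision = 0.0
    for i in range(k):
        log_no_collision += math.log1p(-i / space)
    return -math.expm1(log_no_collision)


def max_identifiers(n_bits: int, p: float) -> int:
    """Largest k whose approximate collision probability is <= p.
    Solves k(k-1) = 2^(n+1) * -ln(1-p) for k, then steps down if float
    rounding overshot the target."""
    c = 2 ** (n_bits + 1) * -math.log1p(-p)
    k = int((1 + math.sqrt(1 + 4 * c)) / 2)
    while k > 1 and collision_probability(n_bits, k) > p:
        k -= 1
    return k


def simulate(n_bits: int, k: int, trials: int, seed: int = 1) -> float:
    """Empirical check for small n_bits: fraction of trials in which k
    random identifiers contained at least one duplicate.  The seed is
    fixed so the result is reproducible."""
    rng = random.Random(seed)
    space = 2 ** n_bits
    hits = 0
    for _ in range(trials):
        seen = set()
        for _ in range(k):
            ident = rng.randrange(space)
            if ident in seen:
                hits += 1
                break
            seen.add(ident)
    return hits / trials


if __name__ == "__main__":
    # Illustrative widths/targets (assumptions for the demo, not from the
    # thread): how large a population a random n-bit identifier supports
    # before the collision probability reaches 1e-6.
    for n in (32, 48, 64, 128):
        print(f"{n:3d}-bit identifiers: up to {max_identifiers(n, 1e-6):,} "
              f"before P(collision) exceeds 1e-6")
    # Approximation vs. exact vs. simulation at a width small enough to
    # brute-force (16 bits, 300 identifiers).
    print("16-bit, k=300: approx %.4f  exact %.4f  simulated %.4f" % (
        collision_probability(16, 300),
        exact_collision_probability(16, 300),
        simulate(16, 300, 2000)))
```

The point the numbers make is the one in the mail: with enough bits of randomness, identifiers are unique for any realistic population with overwhelming probability, without any registry or global coordination to guarantee it, and the residual collision probability can be quantified and budgeted rather than assumed away.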