
Re: PI/metro/geo [Re: The state of IPv6 multihoming development]



Tony Li;

> |   > And forged 
> |   > identifiers are trivial today.  
> |   
> |   By closely associating the identifier with the locator, forgery that
> |   actually results in a usable connection is traceable and
> |   compartmentalized with natural trust boundaries. 
> 
> 
> Yeah, but a connection is only ONE means of exchanging data.  Do you trust
> the single UDP DNS query?

The 16-bit ID in DNS messages is the cookie.

> I would happily agree that anything that is going to update the locator
> entries in DNS needs to be secured.  I would expect that this would
> be part of normal manual DNS updates for multihomed sites and some
> secure protocol would be involved for mobile hosts.

Why do you think DNS must be updated for multihoming?

> This seems very
> much analogous to what we have in v4 today.  Is there some issue with
> this approach?

So, the multihoming mechanism should be unified with mobility.

							Masataka Ohta