[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: GSE



On Mon, 17 Feb 2003, Kurt Erik Lindqvist wrote:

> > I'm sure that once we agree on the requirements GSE can't meet them.  :-)

> Why wouldn't it?

No failover. If a host as A::1 and B::1 and I select A::1 but then this
path goes down, GSE doesn't tell me what I should do. But I guess if
we're going to overhaul TCP anyway (as is needed for GSE) we can fix
this too. Another problem: how do I prevent someone from using C::1 and
stealing A::1/B::1's sessions?

Doing it the MHAP way and replace the addresses in transit makes more
sense as it doesn't require changes to higher layers and the explicit
search-and-replace operation makes security easier. Or use implicit
rather than explicit identifiers so you only have to negotiate some
stuff at the start of the session.

I can't help you with your original question about GSE as I wasn't
around in IETF circles in 1997.  :-)