
Re: GSE



    > From: Kurt Erik Lindqvist <kurtis@kurtis.pp.se>

    > I have re-read Mike O'Dell's old draft from 1997. Can someone remind me
    > what the reasons for not going with this were?

The main reason given at the time was that there was a security issue with
protecting the binding between the location and the identifier parts. (Duh.)

I was pretty irritated by the shallowness of that, because i) it's so obvious,
and ii) the possible fixes [too many different ones, with different tradeoffs,
to list here] are also so obvious. (I note that Mobile IPv6 has *exactly* the
same security problem, but the IPv6 intelligentsia isn't down on Mobile
IPv6...)

The claim is that in classic IPv4/v6, you get a certain amount of security
from the fact that your identity and your location are inextricably bound
together. Steve Bellovin has written a critique of that claim which shows
that in fact the security that provides is not in fact very good at all.
Well, so much for all that.


Some of the more perceptive critics were uneasy with the way that the routing
goop got added and munged around with. It's a potentially complex process,
and IIRC it wasn't fully fleshed out. I thought that was a much more valid
concern.

	Noel