
Re: GSE



    > From: Iljitsch van Beijnum <iljitsch@muada.com>

    > No failover. If a host has A::1 and B::1 and I select A::1 but then this
    > path goes down, GSE doesn't tell me what I should do.

Right, this was one of the "unfinished" pieces.

But it's pretty easy to fix this one: at some point early on (either when you
do the DNS lookup, or in the ICP) you get the other viable addresses for the
host. So when one stops responding you can try others.

But it's more complex, because part of the motivation for GSE was not just
failover, but also the ability to do path-selection, and that's more complex.


    > Another problem: how do I prevent someone from using C::1 and stealing
    > A::1/B::1's sessions?

There are lots of ways that differ in the details, but basically they all use
crypto to authenticate; either any binding change, or the individual packets
- and you can make up zillions of different variants, depending on what your
concerns are.


    > Doing it the MHAP way and replacing the addresses in transit makes more
    > sense as it doesn't require changes to higher layers

Umm, how does this differ from NAT? I guess the difference is that by the
time the packet gets to the other end, the original source and destination
addresses are back in it? So it's kind of invisible wrapping/unwrapping?

My concern about doing that is that now you've got state (those mappings) out
in the network - more complex and less robust. Let the hosts manage it.


    > Or use implicit rather than explicit identifiers so you only have to
    > negotiate some stuff at the start of the session.

If you crypto-secure binding changes, you get basically the same thing - you
only have to do anything extra when the prefix changes.


    > I can't help you with your original question about GSE as I wasn't
    > around in IETF circles in 1997. :-)

Trust me, those of us who were around at the time wish we weren't! It was
very painful watching the IPng bus get driven off the cliff....

	Noel
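
Added example, not part of the original message and not code from GSE or MHAP: a sketch of one variant of "crypto-secure binding changes", in which the receiver accepts a new address for a session only if the update carries a valid MAC and a fresh sequence number. The `Session` class, the message layout, and the session key shared at setup are all assumptions made for illustration.

```python
import hashlib
import hmac
import ipaddress
import secrets
import struct

TAG_LEN = 32  # HMAC-SHA256 output size


class Session:
    """Receiver-side state for one peer (hypothetical structure)."""

    def __init__(self, key: bytes, locator: str):
        self.key = key  # assumed: shared secret agreed at session setup
        self.locator = ipaddress.IPv6Address(locator)
        self.seq = 0  # highest update sequence number accepted so far


def make_update(key: bytes, new_locator: str, seq: int) -> bytes:
    """Sender side: sequence number + new address, followed by a MAC over both."""
    body = struct.pack("!Q", seq) + ipaddress.IPv6Address(new_locator).packed
    return body + hmac.new(key, body, hashlib.sha256).digest()


def apply_update(session: Session, msg: bytes) -> bool:
    """Receiver side: rebind only if the MAC verifies and the update is fresh."""
    if len(msg) != 8 + 16 + TAG_LEN:
        return False
    body, tag = msg[:24], msg[24:]
    expected = hmac.new(session.key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return False  # sender does not hold the session key
    (seq,) = struct.unpack("!Q", body[:8])
    if seq <= session.seq:
        return False  # replayed or stale update
    session.locator = ipaddress.IPv6Address(body[8:])
    session.seq = seq
    return True


def demo() -> list:
    key = secrets.token_bytes(32)
    peer = Session(key, "a::1")  # constructed addresses, taken from the thread
    move = make_update(key, "b::1", 1)  # legitimate host fails over to B::1
    forged = make_update(secrets.token_bytes(32), "c::1", 2)  # no session key
    results = [apply_update(peer, move), apply_update(peer, forged),
               apply_update(peer, move)]  # third call replays the valid update
    return results + [str(peer.locator)]
```

Calling `demo()` shows the move to B::1 accepted, while the update claiming C::1 and the replayed copy are both rejected, so the binding stays at B::1.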