[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Draft: PI addressing derived from AS numbers
>>>>> "RJ" == RJ Atkinson <rja@extremenetworks.com> writes:
RJ> On Tuesday, Feb 25, 2003, at 08:06 America/Montreal, Erik Nordmark
RJ> wrote:
>> It would presumably be easier to maintain the compression state in the
>> transport protocols (due to fate sharing etc) than in a separate
>> entity, whether it is below transport in the endpoints or in a
>> separate box.
RJ> s/transport protocols/end systems/
RJ> Its not at all clear to me that such compression state belongs in
RJ> TCP/UDP/SCTP rather than being inside IP. In practice, any IPv6 host
RJ> has some amount of IPv6 protocol state. That is probably the right
RJ> place for this information.
RJ> That might well be reasonable. One would want to see the details
RJ> before drawing a firm conclusion, of course.
RJ> In my book, "reasonably strong binding" means some form of
RJ> cryptographic authentication.
Gosh, this sure sounds like the packets ought look like:
IPv6, AH, IPcomp-well-known-CPI, IPv6, TCP
^could be ESP-null
The IPsec SPI contains all the state that you need.
I assume that we'll worry about how to map end system identifier to locator
later.
] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [