Re: Draft: PI addressing derived from AS numbers

[Michael Richardson <mcr@sandelman.ottawa.on.ca>]

>>>>> "RJ" == RJ Atkinson <rja@extremenetworks.com> writes:
    RJ> On Tuesday, Feb 25, 2003, at 08:06 America/Montreal, Erik Nordmark
    RJ> wrote:
    >> It would presumably be easier to maintain the compression state in the
    >> transport protocols (due to fate sharing etc) than in a separate
    >> entity, whether it is below transport in the endpoints or in a
    >> separate box.

    RJ> s/transport protocols/end systems/

    RJ> Its not at all clear to me that such compression state belongs in
    RJ> TCP/UDP/SCTP rather than being inside IP.  In practice, any IPv6 host
    RJ> has some amount of IPv6 protocol state.  That is probably the right
    RJ> place for this information.

    RJ> That might well be reasonable.  One would want to see the details
    RJ> before drawing a firm conclusion, of course.

    RJ> In my book, "reasonably strong binding" means some form of
    RJ> cryptographic authentication.

  Gosh, this sure sounds like the packets ought look like:
	IPv6, AH, IPcomp-well-known-CPI, IPv6, TCP
               ^could be ESP-null
  The IPsec SPI contains all the state that you need. 

  I assume that we'll worry about how to map end system identifier to locator
later.
  
]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [