Re: Move forward
On Wed, 12 Mar 2003, Iljitsch van Beijnum wrote:
> > Which realistic solutions _do_ meet those requirements?
>
> > Right..
>
> Address agile TCP, to name just one?
Some folks might not agree on its reality.
Besides, how can you manage e.g. inbound load balancing/traffic engineering
with that? I think that was one of those "we want everything"
requirements.
> > Mobility could be useful, IMO, if and only if you could secure a construct
> > like Binding Update with like, IPsec. And this is a non-starter at the
> > moment.
>
> IPsec isn't as evil as people think it is. I got it to work in a few
> hours. As long as we can have the IPsec just between the mobile host and
> the home agent this shouldn't really be a show stopper.
No, this is not enough. Such a model just shifts the problem around so
that we'd require "truly multihomed" home agents. IMO, that's not a
solution.
On the other hand, if global PKI existed and was usable, one could perform
"homeless mobility". Node X with addresses X_1 and X_2 (from different
ISPs) could just signal to the other endpoint that the sessions should
continue using the other address. But this authentication is not possible
today. In fact, if you take a few more steps in this direction, you'll
stumble upon HIP.
--
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings