
RE: Identifier/locator recap



On Sun, 16 Mar 2003, Bound, Jim wrote:

> > - Locators must always be present in each packet. But what about the
> >   identifiers? Do we include them in each packet (= tunneling) or are
> >   they implied?

> If we can make them implied it's an extra condition check for routers and
> hosts but will make the overall architecture less heavy and less to
> manage.  I believe in overload, though it is complex to implement, not
> impossible.

Routers don't have to do anything, just the end points. Having the
identifier in each packet really doesn't buy you any simplicity since
the relationship between the locators and identifiers must be
authenticated to steer clear of endless security troubles.

> > There is also the question of what makes good identifiers.
> > HIP uses the fingerprint of a cryptographic key. MHAP uses
> > provider-independent IPv6 addresses that aren't visible in
> > the global routing table. I myself have suggested to use
> > FQDNs as the first choice.

> I suggest not being dependent on crypto anything is wise; it implies PKI
> to the solution and I fear that is a non-starter?

No, HIP is smarter than that. But what I find troublesome with that
approach is that the identifiers are a flat 120+ bit space which makes
it incredibly hard to create a distributed way to look up properties for
identifiers.

> I do think we need to work on the Model so it is clear to all and then
> we can do the architecture and then apply implementation discussion?

Sounds good to me.

Iljitsch
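
The following is an added example, not part of the original message and not HIP's actual wire format: it sketches how an identifier that is the fingerprint of a public key lets an end point authenticate an identifier-to-locator binding without any PKI. Assumptions: a hash-based Lamport one-time signature stands in for a real signature algorithm so the code needs only the standard library, the 15-byte (120-bit) truncation and the `bind|` message layout are constructed for illustration, and all function names are hypothetical.

```python
import hashlib
import secrets

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def keygen():
    # Lamport one-time key: 256 pairs of secrets, public key = their hashes.
    sk = [[secrets.token_bytes(32) for _ in range(2)] for _ in range(256)]
    pk = [[H(s) for s in pair] for pair in sk]
    return sk, pk

def _bits(msg: bytes):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk, msg: bytes):
    # One-time: a given key must sign only a single binding.
    return [sk[i][b] for i, b in enumerate(_bits(msg))]

def verify(pk, msg: bytes, sig) -> bool:
    return len(sig) == 256 and all(
        H(sig[i]) == pk[i][b] for i, b in enumerate(_bits(msg)))

def identifier(pk) -> bytes:
    # Flat identifier: truncated fingerprint of the public key (120 bits,
    # an assumed size). It has no hierarchy to delegate lookups along.
    return H(b"".join(h for pair in pk for h in pair))[:15]

def binding_msg(ident: bytes, locator: str) -> bytes:
    return b"bind|" + ident + b"|" + locator.encode()

def accept_binding(ident: bytes, pk, locator: str, sig) -> bool:
    # The receiving end point checks two things, with no third party:
    # 1. the presented key really hashes to the identifier it talks to;
    # 2. that key signed this exact identifier/locator pair.
    return identifier(pk) == ident and verify(pk, binding_msg(ident, locator), sig)

if __name__ == "__main__":
    sk, pk = keygen()
    ident = identifier(pk)
    loc = "2001:db8::1"  # constructed sample locator (documentation prefix)
    sig = sign(sk, binding_msg(ident, loc))
    print("genuine binding accepted:", accept_binding(ident, pk, loc, sig))
    print("altered locator accepted:", accept_binding(ident, pk, "2001:db8::bad", sig))
```
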