RE: Identifier/locator recap
> > If we can make them implied it's an extra condition check for routers
> > and hosts but will make the overall architecture less heavy and less
> > to manage. I believe in overload though it is complex to implement
> > not impossible.
>
> Routers don't have to do anything, just the end points.
> Having the identifier in each packet really doesn't buy you
> any simplicity since the relationship between the locators
> and identifiers must be authenticated to steer clear of
> endless security troubles.
At the last hop to the node the identifier is needed by the router.
>
> > > There is also the question of what makes good identifiers. HIP uses
> > > the fingerprint of a cryptographic key. MHAP uses
> > > provider-independent IPv6 addresses that aren't visible in the
> > > global routing table. I myself have suggested to use FQDNs as the
> > > first choice.
>
> > I suggest not being dependent on crypto anything is wise it implies
> > PKI to the solution and I fear that is a non-starter?
>
> No, HIP is smarter than that. But what I find troublesome
> with that approach is that the identifiers are a flat 120+
> bit space which makes it incredibly hard to create a
> distributed way to look up properties for identifiers.
Not a fan of HIP. But should I go down that rathole and my issues with
it?
At least for now. Rather spend my energy on the model/architecture
agreement.
Thanks
/jim