
Re: GSE IDs [Re: IETF multihoming powder: just add IPv6 and stir]



Christian Huitema wrote:
> Having a 16+16 solution a la Mobile IPv6 may be fine, provided that the
> privacy-conscious can encrypt the correlation identifier (the second 16)
> in an encrypted exchange. And it would also be nice if the second 16 did
> not have to be present in every packet.
With the danger of repeating myself (which I apparently do),
I just want to remind that the above is more or less what
HIP does.  In HIP the second 16 is carried only during the
initial host-to-host state setup; after that both the second
16s are "compressed" into ESP SPI.

There is one problem with encrypting the second 16, which makes
stateful middleboxes harder to implement.  Thus, there
is a tradeoff between privacy and dealing with middleboxes
such as firewalls.  In the case of HIP, this is (partly) taken
care of by allowing the hosts to use several "second 16"s,
different ones for different purposes (or locations).  There
might be other alternatives, like partial encryption that
allows authorized middleboxes to learn, through some computation,
the real second 16s while making such a computation far too
expensive for third parties.

Secondly, in whichever solution is selected, we must remember
that the mapping from the identifiers to the locators (or from
DNS names to identifier/locator pairs) must be made secure enough
in a scalable manner.  Secure DNS has been shown not to be scalable
in practice.

--Pekka Nikander
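The SPI "compression" and the middlebox tradeoff described in the message above, as an added toy model that is not part of the post and not HIP's own code or wire format: the identifier pair (the "second 16"s) is sent only in a hypothetical cleartext setup exchange, every later packet carries locators plus a 32-bit SPI, each end recovers the identifier pair from its SPI table, and a stateful middlebox can attribute data packets to identifiers only if it saw that setup. The names (`make_hit`, `base_exchange`, `Middlebox`, the "purpose" keys) and the hash-truncation identifier derivation are assumptions for illustration; real HIP derives HITs differently and ESP keys inbound state by destination address and SPI.

```python
"""Toy model of HIP-style identifier compression into an ESP SPI.

Constructed illustration, not HIP's real HIT derivation or wire format:
identifiers ("second 16") travel only during setup; data packets carry
locators ("first 16") plus an SPI from which each end recovers the pair.
"""
import hashlib
import secrets
import struct
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

HIT_LEN = 16  # "second 16": 128-bit host identifier
LOC_LEN = 16  # "first 16": 128-bit routable locator


def make_hit(pubkey: bytes) -> bytes:
    """Stand-in for HIP's hash-of-public-key identifier (real rule differs)."""
    return hashlib.sha256(pubkey).digest()[:HIT_LEN]


@dataclass
class Host:
    locator: bytes          # changes on mobility
    hits: Dict[str, bytes]  # purpose -> identifier; several per host allowed
    # inbound SPI -> (my HIT, peer HIT): state created at setup time
    inbound: Dict[int, Tuple[bytes, bytes]] = field(default_factory=dict)
    # (my HIT, peer HIT) -> SPI the peer expects on packets we send it
    outbound: Dict[Tuple[bytes, bytes], int] = field(default_factory=dict)

    def alloc_spi(self) -> int:
        # Real ESP keys inbound state by (dst address, SPI); this toy keys
        # by SPI alone, so random 32-bit values keep the two ends distinct.
        return secrets.randbits(32)


def base_exchange(init: Host, ip: str, resp: Host, rp: str) -> bytes:
    """Hypothetical setup: the only messages carrying the identifiers.
    Returns the cleartext setup bytes so a middlebox can inspect them."""
    hit_i, hit_r = init.hits[ip], resp.hits[rp]
    spi_i, spi_r = init.alloc_spi(), resp.alloc_spi()
    init.inbound[spi_i] = (hit_i, hit_r)
    resp.inbound[spi_r] = (hit_r, hit_i)
    init.outbound[(hit_i, hit_r)] = spi_r
    resp.outbound[(hit_r, hit_i)] = spi_i
    return hit_i + hit_r + struct.pack("!II", spi_i, spi_r)


def send_data(sender: Host, purpose: str, peer_hit: bytes,
              dst_locator: bytes, payload: bytes) -> bytes:
    """Data packet = src locator | dst locator | SPI | payload. No HIT."""
    spi = sender.outbound[(sender.hits[purpose], peer_hit)]
    return sender.locator + dst_locator + struct.pack("!I", spi) + payload


def parse_spi(packet: bytes) -> int:
    return struct.unpack("!I", packet[2 * LOC_LEN:2 * LOC_LEN + 4])[0]


def receive_data(receiver: Host, packet: bytes
                 ) -> Optional[Tuple[bytes, bytes, bytes, bytes]]:
    """Resolve (my HIT, peer HIT, peer's current locator, payload) by SPI.
    The locator comes from the packet, so a peer that moved still resolves."""
    ids = receiver.inbound.get(parse_spi(packet))
    if ids is None:
        return None
    my_hit, peer_hit = ids
    return my_hit, peer_hit, packet[:LOC_LEN], packet[2 * LOC_LEN + 4:]


def on_wire(packet: bytes, hit: bytes) -> bool:
    """Would a passive observer see this identifier in the packet?"""
    return hit in packet


class Middlebox:
    """Stateful firewall: it can attribute data packets to identifiers only
    if it saw the setup in the clear (the privacy/middlebox tradeoff)."""

    def __init__(self) -> None:
        self.spi_to_pair: Dict[int, Tuple[bytes, bytes]] = {}

    def observe_setup(self, setup: bytes) -> None:
        hit_i, hit_r = setup[:HIT_LEN], setup[HIT_LEN:2 * HIT_LEN]
        spi_i, spi_r = struct.unpack("!II", setup[2 * HIT_LEN:])
        self.spi_to_pair[spi_i] = (hit_r, hit_i)  # packets toward initiator
        self.spi_to_pair[spi_r] = (hit_i, hit_r)  # packets toward responder

    def classify(self, packet: bytes) -> Optional[Tuple[bytes, bytes]]:
        """(src HIT, dst HIT) of a data packet, or None for an unknown SPI."""
        return self.spi_to_pair.get(parse_spi(packet))


if __name__ == "__main__":
    # Constructed sample hosts; locators are arbitrary 16-byte values.
    alice = Host(b"\x20\x01" + b"\x00" * 13 + b"\x01",
                 {"work": make_hit(b"alice-work"), "home": make_hit(b"alice-home")})
    bob = Host(b"\x20\x01" + b"\x00" * 13 + b"\x02", {"srv": make_hit(b"bob-srv")})
    fw = Middlebox()
    fw.observe_setup(base_exchange(alice, "work", bob, "srv"))
    alice.locator = b"\x20\x02" + b"\x00" * 13 + b"\x07"  # alice moves
    pkt = send_data(alice, "work", bob.hits["srv"], bob.locator, b"moved")
    print("HIT on wire:", on_wire(pkt, alice.hits["work"]))  # False
    print("resolved after move:", receive_data(bob, pkt)[1] == alice.hits["work"])
    print("firewall attributes:", fw.classify(pkt) == (alice.hits["work"], bob.hits["srv"]))
```

A second `base_exchange` from the same host under a different purpose key gives the peer a separate SPI, which is the "several second 16s" point: the two flows are unlinkable on the wire unless an observer also saw both setups.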