
Re: GSE IDs [Re: IETF multihoming powder: just add IPv6 and stir]



On Thursday, May 8, 2003, at 13:10 Europe/Amsterdam, marcelo bagnulo wrote:

> I guess that what Brian means is that this (what you are describing) is
> not GSE anymore, since it is not stateless (which is a fundamental
> feature of GSE, as I see it)

No disagreement there.

> what you are describing sounds more like MHAP...

Originally, I wanted to write something that encompasses both MHAP and GSE. But:

"The original GSE and 8+8 drafts split the IPv6 address in two 64-bit
parts. The lower part is used within the site or subnet. Routers add
the higher 64 bits as packets leave the site. Since hosts don't know
the higher 64 bits their correspondent will see, they must disregard
these bits, which has the relatively minor consequence that the TCP
and UDP pseudo header used in checksum calculations must be changed.
A more severe consequence is that the lower 64 bits must now be
globally unique. This in turn makes it very easy to perform spoofing
attacks, as an attacker can simply present arbitrary lower bits,
thereby assuming any desired identity, while setting the higher bits
such that the packets are routed back to the attacker and not to the
host identified by the lower 64 bits. This vulnerability, breaking
autoconfiguration and, to a lesser degree, the transport layer
checksums, make adopting GSE or 8+8 unfeasible and undesirable."

Is there anyone who disagrees and feels stateless GSE is still viable?

The letter combination "GSE" will not appear in the title. The preliminary title is "Multihoming in IPv6 by Rewriting Addresses".
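
The two consequences named in the quoted draft text, as an added example that is not part of the original message: a model of the upper-64-bit rewrite, the UDP checksum with and without those bits in the pseudo header, and the identity a receiver is left with. All function names, addresses and the sample datagram are constructed for illustration.

```python
import ipaddress
import struct

LOW64 = (1 << 64) - 1

def csum16(data: bytes) -> int:
    """Internet checksum (RFC 1071): folded one's-complement sum, inverted."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def udp_checksum(src: str, dst: str, segment: bytes, low64_only: bool = False) -> int:
    """UDP checksum over the IPv6 pseudo header; low64_only models the GSE change."""
    s = int(ipaddress.IPv6Address(src))
    d = int(ipaddress.IPv6Address(dst))
    if low64_only:  # hosts disregard the upper 64 bits they cannot know
        s, d = s & LOW64, d & LOW64
    pseudo = (s.to_bytes(16, "big") + d.to_bytes(16, "big")
              + struct.pack("!IxxxB", len(segment), 17))  # 17 = UDP
    return csum16(pseudo + segment) or 0xFFFF

def rewrite_high64(addr: str, prefix: str) -> str:
    """Model of the site exit router: replace the upper 64 bits of addr."""
    low = int(ipaddress.IPv6Address(addr)) & LOW64
    high = int(ipaddress.IPv6Address(prefix)) >> 64 << 64
    return str(ipaddress.IPv6Address(high | low))

def peer_identity(addr: str) -> int:
    """Identity a GSE host can rely on: only the lower 64 bits."""
    return int(ipaddress.IPv6Address(addr)) & LOW64

# Constructed sample data (documentation prefix 2001:db8::/32).
SRC_INSIDE = "2001:db8:aaaa:1:211:22ff:fe33:4455"
SRC_OUTSIDE = rewrite_high64(SRC_INSIDE, "2001:db8:bbbb:1::")
OTHER_PREFIX = rewrite_high64(SRC_INSIDE, "2001:db8:ffff:9::")
DST = "2001:db8:cccc:2:2aa:bbff:fecc:ddee"
SEGMENT = struct.pack("!HHHH", 40000, 53, 8 + 5, 0) + b"hello"

if __name__ == "__main__":
    for low in (False, True):
        print(low, hex(udp_checksum(SRC_INSIDE, DST, SEGMENT, low)),
              hex(udp_checksum(SRC_OUTSIDE, DST, SEGMENT, low)))
    # Same lower 64 bits behind different prefixes: one identity.
    print(peer_identity(SRC_OUTSIDE) == peer_identity(OTHER_PREFIX))
```

The standard checksum changes when the router rewrites the prefix, while the lower-64-bit variant survives it; the same masking is what leaves the receiver unable to tell two different prefixes apart.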