Re: GSE IDs [Re: IETF multihoming powder: just add IPv6 and stir]

[Pekka Nikander <pekka.nikander@nomadiclab.com>]

Marcelo,

marcelo bagnulo wrote:
> Instead of including the HIP's HIT in the SPI, we could include it in
> the lower 64 bits of the IP addresses. This would imply that the 64
> lower bits could be used as identifiers and the 64 higher bits can be
> changed for routing purposes. Perhaps this would provide the security
> features needed for GSE to work in a stateless fashion.
I am afraid such a practice would fall within the
claims of the patent I know about.  Basically, the
widest claim cover anything that effectively does

  interface id = hash(public key | anything)

where | is concatenation (in any order).  Thus, to
circumvent that you both have to split the IPv6 address
into something else but 64+64, and call the right hand
(identifier) part something else but interface id.  And
even then I am not sure if you would be done.

But IANAL, so go and check the patent.  It can be found in
the British patent database fairly easily.

Then there is another problem.  64 bits is not quite enough
to be secure in the future.  See draft-aura-cga-00.txt for
the detailed analysis and a suggestion on how to work around
that limitation.

--Pekka Nikander