RE: Fwd: Minutes / Notes
> From: "Christian Huitema" <huitema@windows.microsoft.com>
Christian, you've raised two important points. I'm going to reply to this one
first, separately.
> there are very different trade-offs. For example, a fundamental design
> choice) is the layer at which identifiers are maintained. Is it IP,
> transport or session?
> ...
> Another quite important design choice is the scope of the identifier. ..
> Is it a host? .. Consider clusters on one hand, multi-user systems on
> the other.
> ...
> Yet another design choice is the life-time of the identifier. .. And
> there are very different privacy and reliability implications between
> the two variations.
> ...
> I trust that much more than an identifier/location split designed by
> committee.
I think you're confusing two separate but related points.
Your points (expressed above) relate to the semantics and properties of a
potential "identity" name.
However, this is a *separate* set of questions from "do you split location
and identity".
If you do certain functional things, you *are* separating location and
identity, whether you admit it or not. For instance, MIPv6 separates location
and identity. The namespace they use for the "identity" name happens to be the
same namespace as the "location" namespace, but that's an orthogonal issue.
Anytime you separate location and identity, that separation brings with it
certain inevitable architectural and engineering points - and if you don't
believe me, take a look at the length of the MIPv6 spec. You have to secure
the binding, handle broken bindings, etc, etc, etc.
Similarly, iff you i) handle multi-homing with multiple addresses, and ii)
allow any "connection" which identifies the entity at the far end by its
address (such as TCP, as currently defined) to survive that address becoming
non-working - then you are again separating "location" and "identity", with
all the architectural and engineering issues that brings - *even if the
namespace you use for the "identity" name happens to be the same namespace as
the "location" namespace*, as in MIPv6.
It is for that reason that I press people to decide whether or not they really
need to support that capability, of having TCP connections survive the
failure of one address.
Having decided to separate location and identity, then you get to the
question of i) whether you use the same namespace for both, and if not ii)
what the properties of the second namespace are - the questions you raise
above.
But don't mistake these questions for the first question - of whether you do
the separation.
Noel