Re: Minutes / Notes



Iljitsch;

> >> Well, let's hear it then. What are those errors?
> 
> > 1) On the slide of "loc/id separation", the mapping from FQDN should not be
> 
> > 	FQDN -> ID -> Locators
> 
> > but should be
> 
> > 	FQDN -> (ID, Locators)
> 
> > to avoid an extra mapping and a possible security problem.
> 
> That's not an error. There is no way to pass all locators to the socket 
> API.

It means that there are additional errors.

First, it is not an API issue: if multihoming can be handled
by the transport layer, as in the TCP case, you can keep the current API.

Second, it is trivially easy to add a new address family to the socket
API to pass multiple addresses to it.

> > 2) On the slide of pros and cons of "small", all the "cons" are wrong as 
> > follows.
> 
> > 	2.1) Work with unaggregatable MAC namespace
> > 	or break autoconfiguration
> 
> > 	Structured ID can be autoconfigured by DHCP.
> 
> DHCP doesn't exist (yet) in IPv6.

Wrong.

What does not exist in IPv6 is a useful definition of autoconfiguration.

> And for good reason: it is very hard 
> to operate this in a useful way.

It is merely that it is very hard to operate IPv6 autoconfiguration
in a useful way.

But, that is not my problem.

> > 	2.2) Can't trust incoming id-loc association
> 
> > 	Association between an ID and locators is secure if they
> > 	are contained in a single packet.
> 
> So if I call you and say my name is George W. Bush and give you my 
> phone number, you believe the mapping between Bush's identity and my 
> phone number is correct because it all happened in one exchange?

Not at all.

Instead, mapping between a phone number as an ID and a phone number
as a locator is secure.

							Masataka Ohta.