
RE: MAST and mip based solution



Dave,



> -----Original Message-----
> From: Dave Crocker [mailto:dhc@dcrocker.net]
> Sent: Wednesday, September 17, 2003 19:44

[...]

> mb> - Deployment. I think that it is clear that mip will be available much
>
> Unless I am missing something very basic -- and I readily admit that that is
> likely -- then MIP has problematic barriers to adoption.
>
> These barriers come in 3 ways:
>
> 1. How much software has to be built or changed.
>
> 2. How much infrastructure has to be changed (new software and/or new
> operational procedures.)
>
> 3. How difficult is it to use?
>
> I think that MIP loses on all 3 counts.  It requires modification to the user
> stacks, and requires enhancements to infrastructure software and operations.
>
> The user platform must have a formal "home" network.
>
> All of the bells and whistles are required for even the simplest use.
>

Well, I would like to mention a couple of issues about this:

Note that the functionality that is required (at least from my pov) is
only the CN functionality. I mean, the idea is to try to benefit from
capabilities that are being included in end-hosts code right now.
So CN capabilities are not the most complex part. For instance, all the home
network complexity is not included.

The other thing is that I don't think that mip has artificial complexity.
I mean, mip is complex, agreed. But my question is, how do you manage to
provide a solution with all the required functionality and that doesn't
introduce new security vulnerabilities to the internet without all this
complexity?

You can argue that for instance MAST is much simpler (I choose mast just as
an example), but how simple will it be when you provide proper security
features? My guess is that it will be at least as complex as mip.

> And mip works for mobility but not multihoming.  If it offered major
> advantages over some of the alternative solutions, that might be fine.  But I
> do not see those advantages.

About mip for multi-homing.
Yes, mip has some issues when trying to use it for multi-homing.

If you assume that an end-host solution is required (I include here
solutions that use some form of proxy in the site's network), you will find
that it is very difficult to provide a solution that doesn't introduce new
security issues.

As far as I can see, the only solution that provides this is HIP.
The problem with hip is that it is a bit too revolutionary and requires a
lot of changes, not only in code but also in paradigm. We need to gain
experience and moving to hip will take some time IMHO.
So we need a bridge.
An option is to use current ipv4 style, just as Kurtis proposed a long time
ago...
The other option is to use a solution that is not as secure as we would
like.
But when considering adopting a transient solution that is not optimal,
probably you want to minimize the effort, so it can be deployed as fast as
possible.
IMHO a mip based solution suits fine with these constraints.


Regards, marcelo

>
>
> mb> - Overhead/MTU. I think that one of the main benefits of mast over a mip
> mb> based solution is related to the overhead and MTU reduction imposed by mip.
>
> yes.  this benefit also applies to the transport-level solutions.
>
>
> mb> However, I think that mip signaling is really similar to the one required by
> mb> MAST. For instance BU messages contain alternative address information. I
> mb> mean, I think it should be interesting to evaluate if mip messages can be
> mb> used in a MAST implementation. Moreover, I think that the mip solution can
> mb> be optimized by just avoiding the usage of the HoA destination address and
> mb> the routing header.
>
> You are talking in terms that look like an effort to "converge" two or more
> designs.  That will be excellent, if it can happen.
>
> The history of such efforts in the IETF is not all that positive, but I think
> that attempts to synthesize different proposals together always produce
> better understanding, if not fewer specifications.
>
>
> mb> Finally, the main problem that I find in mast is, as always, the security. I
> mb> mean, mast is vulnerable to time shifting attack and can be used to generate
> mb> flooding attacks, so more stuff is needed, just as in a mip based solution.
>
> As I've noted elsewhere, MAST is intentionally limited in what security it
> tries to provide.  It can be made stronger and broader, but I think there
> needs to be a very clear understanding of the reasons more security is
> needed... for multiaddressing, rather than for overall enhancement of the
> Internet.
>
> As I have said, the latter goal is laudable... but it is an additional goal
> that is not essential to multiaddressing support.
>
>
>
> d/
> --
>  Dave Crocker <dcrocker-at-brandenburg-dot-com>
>  Brandenburg InternetWorking <www.brandenburg.com>
>  Sunnyvale, CA  USA <tel:+1.408.246.8253>
>