
Re: I-D ACTION:draft-nordmark-multi6-sim-01.txt (Fwd)



Erik,

EN>         Title           : Strong Identity Multihoming using 128 bit Identifiers (SIM/CBID128)

It would be helpful for the different proposals and specifications to
discuss adoption, administration, use and performance issues, as well as
design rationale.

Your spec has the Protocol Walkthrough, which gives detail about some of the
usage effort. Explicit discussion about the critical adoption requirements
would be particularly helpful.

I am probably not reading the specification correctly, but it appears that SIM
requires:


ADOPTION

1. Modification to both endpoints, using a shim layer directly above IP

2. Addition of a DNS record type and expected modification of DNS servers, to
do differential processing, based on presence or absence of records of that
type, when a query for that record type is made

3. Modification of intermediate routers, to do locator re-writing.


DESIGN

As the spec notes, deferred validation of new locators adds complexity to the
protocol.

My question is, therefore, why you chose deferred validation, versus automatic
validation? In general, it would be helpful to understand the reasons for the
various choices made in SIM.

The use of context tags in every packet appears intended to provide a higher
level of protection than exists in current IP.

1) What is to prevent a wire-tapper from copying the tag?

2) If sites want this kind of per-packet extra protection, why not use IPSec
or TLS?

d/
--
 Dave Crocker <dcrocker-at-brandenburg-dot-com>
 Brandenburg InternetWorking <www.brandenburg.com>
 Sunnyvale, CA  USA <tel:+1.408.246.8253>