Re: threats ID
On Tue, 20 Jan 2004 22:06:35 +0100, Iljitsch van Beijnum wrote:
> I think there is some middle ground here, where sessions can be grouped
> in such that an optimal tradeoff between increased risk and decreased
> performance is found. However, this probably means the MH layer needs
> to know more than a few intimate details of what the transport
> protocols are up to.
Thinking about the role of a "shared" pool of addresses, as with SLAP, I
realized that one kind of multiaddress set is limited to a single association,
and that the sharing only works when multiple associations have some
referential properties that are the same, but not others. Originally, I
thought that the shared pool would only be at the granularity of host-to-host.
John Wroclawski suggested distinguishing sets of locators by additional
parameters (e.g., quality of service). I believe this is exactly in line with
your suggestion. The idea of creating subsets in order to reduce risk from an
individual compromise was not in the discussion, but I believe it is solved by
the same mechanism.
Define a pooling mechanism. Permit an extensible set of parameters to define
subsets of the pool (or at least to label individual address sets.) The
details for choosing and using particular parameters can come later.
d/