Re: CELP (was RE:)



Marcelo,

mb> i agree with your divide and conquer approach and providing simple
mb> mechanisms initially as a mechanism to facilitate adoption.

ok.  however this suggests that the document should have an appendix
that contains a discussion of the longer-term issues. that way, any
near-term, "expedient" choices will be distinguished.



>> However, I believe that early, simple versions of a CELP implementation
>> may choose _not_ to have pair-wise entries. As you note, there is a good
>> reason for maintaining locator pairs. However I would expect the simpler
>> approach to be adequate for many situations.

mb> I mean, the source address used by multihomed sites implies at least the
mb> return path and in many scenarios also the forward path (because of the
mb> ingress filtering)

Do other folks also view this as a significant issue _today_?

I still operate under the possibly-false view of an Internet that is
mostly reachable. Perhaps partitioning is already too much of a problem,
for us to ignore this type of fine-grained mechanism?


>> mb> Furthermore, some proposals also include information about whether the
>> mb> locator has been verified or not.

mb> In this part i was talking about the security verifications, that's why the
mb> stronger and weaker language.

ahh.  ok.  certainly this is a major point of difference among the
different proposals.

However I think that it still permits a question about practical
importance, for early celp.

it is entirely possible that folks will view any reasonable
authentication scheme as sufficient, and that it is not important to
make distinctions in the strength -- beyond a minimal threshold, of
course.

Admittedly, I am biased on this point. I think anything at the level of
purpose-built keys is fine, to ensure that later packets are from the
same source as the original packet. But not going beyond that type of
"weak" authentication. (And, by the way, I personally dislike the use of
the word 'weak' for labeling this scheme. the authentication mechanism
can be strong. and the contextual assurances can be strong. it is the
_global_ _identification_ that is weak or rather, non-existent...)


mb> About the simplified initial approach, i am not sure if this would be
mb> possible here either.

Excellent.  We have something to debate, because I want to disagree...

(That's a cue for others to contribute.)



d/
--
 Dave Crocker <dcrocker-at-brandenburg-dot-com>
 Brandenburg InternetWorking <www.brandenburg.com>
 Sunnyvale, CA  USA <tel:+1.408.246.8253>