[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: New multi6 draft: WIMP

To: Dave Crocker <dcrocker@brandenburg.com>
Subject: Re: New multi6 draft: WIMP
From: Pekka Nikander <pekka.nikander@nomadiclab.com>
Date: Wed, 18 Feb 2004 09:24:24 +0200
Cc: <multi6@ops.ietf.org>, <jari.arkko@ericsson.com>, Erik Nordmark <Erik.Nordmark@sun.com>, "Vesa Torvinen (JO/LMF)" <vesa.torvinen@ericsson.com>, Jukka Ylitalo <jukka.ylitalo@nomadiclab.com>, Iljitsch van Beijnum <iljitsch@muada.com>
In-reply-to: <1289992244.20040217131511@brandenburg.com>
References: <4017DBF3.1070704@nomadiclab.com> <B649FB88-5F40-11D8-B5AA-000A95CD987A@muada.com> <4030A3E0.7010306@nomadiclab.com> <1289992244.20040217131511@brandenburg.com>

Dave,

Although the paradigmatic differences probably affect one's list of
issues or "modules", my own view is:


As we apparently share the same paradigm, your list looks
good to me.  Some further thoughts:

- Association establishment


An interesting aspect here is the idea of a "staged"
association establishment.  That is, maybe you could initially
just exchange a couple of identifiers and/or hash anchors and
check the reachability of the primary address as a side effect.
All further checks, i.e. reachability of other addresses,
establishing strong identity via public key crypto, etc,
could be "delayed" and performed only if needed.

- Endpoint-pair context identification


To me, it looks like that we have to look at this on two or
perhaps three levels.  One is how to identify the context
initially, before the end-points have exchanged any messages.
The second one is the way the context is identified in the
control protocol, and the third one how the context is
identified in the actual payload packets.  Apparently, some
of these may overlap, depending on the details.

- Authentication of the control exchange


Here the minimal requirements seem to be covered by
Erik's draft (I know that some WG members disagree, but
that is at least party due to different paradigm, IMHO.)
However, especially if the "staged" association establishment
idea is used, it may be possible to introduce more secure
("strong" or "semi-strong" instead of "weak") authentication
on demand.

  - Updates to the pool of locators for the context
  - Rendezvous (for mobile targets)


I think that we have to make a distinction between initial
rendezvous, or finding a mobile target before there is any
association, and rendezvous while there is an active
association.

And then we have the "third party rendezvous", which I
would like to call referral.  That is, handing over an
identifier (IP address or other) to a third host, so that
it can create an association with the identified end-point.

- Control exchange transport

By way of example, MAST has a very large hand-wave with respect to the
details of control exchange authentication. ...


HIP, on the other hand, has very well defined control exchange
authentication, but many people consider it too heavy.  The
"staged" idea might be able to help there.  It looks like that
HIP is weakest in its handling of the address pool and in some
aspects of rendezvous.

--Pekka

Follow-Ups:
- Re: New multi6 draft: WIMP
  - From: Dave Crocker <dhc@dcrocker.net>

References:
- New multi6 draft: WIMP
  - From: Jukka Ylitalo <jukka.ylitalo@nomadiclab.com>
- Re: New multi6 draft: WIMP
  - From: Iljitsch van Beijnum <iljitsch@muada.com>
- Re: New multi6 draft: WIMP
  - From: Jukka Ylitalo <jukka.ylitalo@nomadiclab.com>
- Re: New multi6 draft: WIMP
  - From: Dave Crocker <dhc@dcrocker.net>

Prev by Date: Re: New multi6 draft: WIMP
Next by Date: modules of a mh solution (was RE: New multi6 draft: WIMP)
Previous by thread: Re: New multi6 draft: WIMP
Next by thread: Re: New multi6 draft: WIMP
Index(es):
- Date
- Thread