[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Identifiers

To: "Iljitsch van Beijnum" <iljitsch@muada.com>
Subject: RE: Identifiers
From: "Kanchei Loa" <loa@ieee.org>
Date: Tue, 23 Mar 2004 09:58:31 -0700
Cc: "Multi6 List" <multi6@ops.ietf.org>
In-reply-to: <EB9AC3F2-7CDD-11D8-9771-000A95CD987A@muada.com>

Hi Iljitsch,
I personally prefer  solutions with identifier or identifier extension as
you described. But I thought this
WG is still at architecture analysis phase, which is agnostic to all
proposals.

---------
Kanchei Loa
loa@ieee.org

> -----Original Message-----
> From: owner-multi6@ops.ietf.org
> [mailto:owner-multi6@ops.ietf.org]On Behalf Of Iljitsch van Beijnum
> Sent: Tuesday, March 23, 2004 8:23 AM
> To: Multi6 List
> Subject: Identifiers
>
>
> Looking at the proposed solutions, it seems that we have been
> gravitating towards locator agility without explicit identifiers. While
> that's certainly a valid approach, I think we should take a few moments
> to consider identifier issues.
>
> The main reason to forego having identifiers is that it is hard to
> determine if a correspondent is rightfully using an identifier.
> However, this is not the case for two classes of potential identifiers:
>
> 1. Identifiers with a cryptographic nature, such as the ones proposed
> for HIP. Since the identifier is a hash of a public key, proving
> ownership is trivial given a few round trips and CPU cycles.
>
> 2. FQDNs with a certificate that leads back to a trusted authority.
> These are in relative wide use today for SSL.
>
> It stands to reason that future developments will lead to new types of
> verifyable identifiers. I think this invalidates the assumption that
> verifying the authenticity of identifiers is too hard a priori. Rather,
> the question should be whether we are willing to accept the necessary
> complexity to allow extensible identifier authentication in our multi6
> solution of choice. In this regard, it should be interesting to see
> what the MOBIKE people are up to.
>
> Personally, I think the best choice would be to remain agnostic about
> the identifier issue for now, but build our negotiation protocol such
> that they can be added easily later. For now, we build a "no
> identifier" type solution. Solving the problem of how a correspondent
> proves ownership of an identifier can then be deferred until such time
> that someone actually wants to extend the multi6 solution to support
> identifiers. So the only thing we have to do now is make sure the
> protocols are flexible enough to allow such extensions.
>
> Thoughts?
>
>

Follow-Ups:
- Re: Identifiers
  - From: Iljitsch van Beijnum <iljitsch@muada.com>

References:
- Identifiers
  - From: Iljitsch van Beijnum <iljitsch@muada.com>

Prev by Date: Re: Identifiers
Next by Date: Re: Identifiers
Previous by thread: Re: Identifiers
Next by thread: Re: Identifiers
Index(es):
- Date
- Thread