
Re: Identifiers



Brian E Carpenter wrote:
> Our problem is not ownership. It is surviving changes in existing connectivity

I suspect "ownership" is not defined in the above context well enough to say whether it is or is not a part of our problem. I agree that ownership as in "IANA has allocated this address to me" is not an issue for multi6. On the other hand, address ownership has also been used in other meanings as well, e.g., in SEND it's "this address has been created by this node". This might be within multi6 scope.

> without opening the door to hijacking or DoS. All we need to authenticate
> is that after a multihoming event, we are still talking to the same
> entity at the other end.

Yes. Quoting a dictionary:


  Identity
     From Latin idem, ‘the same’.
     1. Sameness ...

So I believe the issues of identities and checking
the sameness of the entity at the other end are
the same thing (no pun intended).

Also, someone wrote earlier in the thread:

> The main reason to forego having identifiers is that it is hard to
> determine if a correspondent is rightfully using an identifier.

It is indeed necessary to determine this. But of course it's trivial if it's a cryptographic identity such as HIT or CGA. If it's a human assigned identity, such as jarkko@piuha.net, it would be much more troublesome (I don't recommend this).

More importantly, note that even if you don't have identifiers,
there's still a need to determine if the correspondent is rightfully
claiming a multihoming event. So I believe the rightfulness /
sameness check will be needed in any case.

Iljitsch wrote:

> For now, we build a "no identifier" type solution.

Based on the above, I tend to think that we will always have an identifier, the only question is how explicit/implicit it is, and whether the identifier is a new identifier or an existing one (such as FQDNs and IP addresses in NOID). The other differentiator is how good security you get for tying the protocol exchanges to the identifier, e.g., cryptographic signatures vs. relying on DNS.

--Jari
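
The sameness check discussed in this message, as an added example that is not part of the original post or of any multi6 proposal: a receiver accepts a locator change only if it is signed by the key that hashes to the identifier it already holds. The identifier here is a truncated SHA-256 of an Ed25519 key, in the spirit of a HIT or CGA but not their actual encodings; `LocatorUpdate`, `payload`, `DemoKey` and the message layout are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

type Identifier [16]byte // self-certifying ID: truncated hash of a public key

func DeriveID(pub ed25519.PublicKey) (id Identifier) {
	sum := sha256.Sum256(pub)
	copy(id[:], sum[:]) // keeps the first 16 bytes
	return id
}

func DemoKey(label string) ed25519.PrivateKey { // deterministic, constructed for the demo only
	seed := sha256.Sum256([]byte(label))
	return ed25519.NewKeyFromSeed(seed[:])
}

// LocatorUpdate is a hypothetical message announcing a multihoming event.
type LocatorUpdate struct {
	NewLocator string
	Seq        uint64
	PubKey     ed25519.PublicKey
	Sig        []byte
}

func payload(id Identifier, loc string, seq uint64) []byte {
	return []byte(fmt.Sprintf("%x|%d|%s", id, seq, loc))
}

func SignUpdate(priv ed25519.PrivateKey, loc string, seq uint64) LocatorUpdate {
	pub := priv.Public().(ed25519.PublicKey)
	return LocatorUpdate{loc, seq, pub, ed25519.Sign(priv, payload(DeriveID(pub), loc, seq))}
}

// VerifyUpdate is the sameness check against the identifier learned at session start.
func VerifyUpdate(peer Identifier, lastSeq uint64, u LocatorUpdate) bool {
	return len(u.PubKey) == ed25519.PublicKeySize && // Verify panics on other lengths
		DeriveID(u.PubKey) == peer && // key must hash to the known identifier
		u.Seq > lastSeq && // refuse replayed or stale updates
		ed25519.Verify(u.PubKey, payload(peer, u.NewLocator, u.Seq), u.Sig)
}

func main() {
	u := SignUpdate(DemoKey("peer"), "2001:db8:b::1", 1) // documentation-prefix address
	fmt.Println(VerifyUpdate(DeriveID(u.PubKey), 0, u))
}
```

The receiver needs no third party for this check, which is the contrast with a human-assigned identifier or one whose binding rests on DNS.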