Re: stable addressing
[Sorry Brian, but I'm already rate limiting]
On 21-apr-04, at 15:16, marcelo bagnulo wrote:
Also, there is still the option of having cryptographic hashes in the
addresses. This would especially make sense with stable addresses. If
we can find enough bits the hash can be in the higher part of the
address so there is no need to make hosts aware of the existence of
the hash.
I am not following, sorry.
In my draft I mainly talk about crypto hashes in the interface
identifier part of the address:
[prefix=48][subnet=16][hash+control=48][hostnumber=16]
However, another option is:
[iana=4][hash=44][subnet=16][eui-64]
Unmodified hosts can simply get addresses within such a prefix through
stateless address configuration and the middleboxes take care of the
multihoming issues. Yes, very similar to son-of-site-local+NAT, but
some important differences:
1. We get multihoming (NAT doesn't provide this)
2. The "real" address is communicated to the correspondent so it's
transparent
3. The hash over a public key allows for simpler/stronger security in
the multihoming negotiation mechanisms
Note that this can very well be an extension on top of NOID or
something similar. This would give us the option to either be backward
compatible OR have stable addressing + strong multihoming security. I
think that comes pretty close to the ideal solution. (In that case we'd
have both at the same time...)
Iljitsch
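
The second layout above, [iana=4][hash=44][subnet=16][eui-64], worked through as an added example (not code from the post or from the draft it mentions): the site /48 is derived from a public key, an unmodified host fills in the subnet and EUI-64, and a correspondent checks a presented key against the address. SHA-256, the 4-bit value 0x4 and the sample key and interface identifier are assumptions made for illustration.

```python
import hashlib
import ipaddress

IANA_NIBBLE = 0x4   # assumed placeholder: the post gives no value for [iana=4]
HASH_BITS = 44

def key_hash44(public_key: bytes) -> int:
    """Top 44 bits of SHA-256(public_key); the hash function is an assumption."""
    digest = hashlib.sha256(public_key).digest()
    return int.from_bytes(digest[:6], "big") >> 4  # 48 bits read, low 4 dropped

def site_prefix(public_key: bytes) -> ipaddress.IPv6Network:
    """Pack [iana=4][hash=44] into the /48 that routers would advertise."""
    top48 = (IANA_NIBBLE << HASH_BITS) | key_hash44(public_key)
    return ipaddress.IPv6Network((top48 << 80, 48))

def host_address(public_key: bytes, subnet: int, eui64: int) -> ipaddress.IPv6Address:
    """Append [subnet=16][eui-64], as an unmodified host would via stateless autoconfig."""
    if not 0 <= subnet < (1 << 16) or not 0 <= eui64 < (1 << 64):
        raise ValueError("subnet must fit 16 bits and eui64 must fit 64 bits")
    base = int(site_prefix(public_key).network_address)
    return ipaddress.IPv6Address(base | (subnet << 64) | eui64)

def verify(address: str, public_key: bytes) -> bool:
    """Correspondent-side check: does the presented key hash to the address prefix?"""
    addr = int(ipaddress.IPv6Address(address))
    if addr >> 124 != IANA_NIBBLE:
        return False  # not in the hash-bearing address block at all
    claimed = (addr >> 80) & ((1 << HASH_BITS) - 1)
    return claimed == key_hash44(public_key)

# Constructed sample values, not real keys or interface identifiers.
SITE_KEY = b"constructed-example-public-key-A"
OTHER_KEY = b"constructed-example-public-key-B"
EUI64 = 0x021122FFFE334455

if __name__ == "__main__":
    addr = host_address(SITE_KEY, 0x0001, EUI64)
    print(site_prefix(SITE_KEY), addr)
    print(verify(str(addr), SITE_KEY), verify(str(addr), OTHER_KEY))
```

The check only binds the address to a key; a real negotiation would also need proof of possession of the matching private key. With 44 hash bits, finding a different key for the same prefix costs on the order of 2^44 hash computations.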