SEND IDs [Re: Comments on draft-nordmark-multi6-threats-01]
Iljitsch,
> On a related note: the SEND CGA stuff mandates using the subnet prefix
> in creating the interface identifier and as such makes it impossible to
> have the same interface identifier in different subnets. I was unable to
> convince them of the error of their ways and apparently there was no
> IETF last call or I missed it so now this stupidity is an RFC. We should
> do our best to make sure there isn't any more of this.
(Co-chair hat is OFF.)
I happen to agree with you and disagree with Christian - there should
be a mode in SEND in which the CGA address is generated without including
the (typically /48) prefix which will vary between ISPs when multihomed.
There was a last call, you missed it, and I raised this point in
private email and lost.
For multi6, I believe we should not feel constrained by this. It would
be a fairly simple extension to SEND to allow this, and it might be
a very valuable functionality vs security tradeoff for a multihomed
site that wanted to run SEND.
Brian
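
The prefix binding discussed in this message, as an added example that is not part of the original e-mail or of any SEND implementation: it follows the Hash1 rule of RFC 3972 (SHA-1 over modifier, subnet prefix, collision count and public key, with Sec = 0 so no Hash2 search is needed). The modifier, key bytes and documentation prefixes are constructed, and the `bind_prefix=False` mode is a hypothetical sketch of the prefix-free variant proposed above, not something defined by the RFC.

```python
import hashlib
import ipaddress

# Constructed sample inputs (not a real key, not real site prefixes).
MODIFIER = bytes(range(16))                      # 128-bit modifier
PUBLIC_KEY = b"constructed-placeholder-for-DER-SubjectPublicKeyInfo"
PREFIX_ISP_A = ipaddress.IPv6Address("2001:db8:aaaa:1::").packed[:8]
PREFIX_ISP_B = ipaddress.IPv6Address("2001:db8:bbbb:1::").packed[:8]


def interface_id(prefix, collision_count=0, bind_prefix=True):
    """64-bit CGA interface identifier for Sec = 0.

    bind_prefix=False is HYPOTHETICAL: it hashes an all-zero prefix field
    to model the prefix-independent mode suggested in the message.
    """
    if len(prefix) != 8:
        raise ValueError("subnet prefix must be 64 bits")
    hashed_prefix = prefix if bind_prefix else bytes(8)
    params = MODIFIER + hashed_prefix + bytes([collision_count]) + PUBLIC_KEY
    iid = bytearray(hashlib.sha1(params).digest()[:8])   # Hash1
    # Bits 0-2 carry Sec (0 here); bits 6 and 7 (u and g) are cleared.
    iid[0] &= 0x1C
    return bytes(iid)


def cga_address(prefix, bind_prefix=True):
    """Full address: subnet prefix followed by the interface identifier."""
    return ipaddress.IPv6Address(prefix + interface_id(prefix, bind_prefix=bind_prefix))


def verify(address, bind_prefix=True):
    """Receiver-side check: recompute the identifier from the address's own prefix."""
    raw = address.packed
    return interface_id(raw[:8], bind_prefix=bind_prefix) == raw[8:]


if __name__ == "__main__":
    print("ISP A:", cga_address(PREFIX_ISP_A))
    print("ISP B:", cga_address(PREFIX_ISP_B))
    # Same identifier carried over to the other prefix fails verification.
    moved = ipaddress.IPv6Address(PREFIX_ISP_B + interface_id(PREFIX_ISP_A))
    print("A's identifier under B's prefix verifies:", verify(moved))
    print("prefix-free (hypothetical) A:", cga_address(PREFIX_ISP_A, bind_prefix=False))
    print("prefix-free (hypothetical) B:", cga_address(PREFIX_ISP_B, bind_prefix=False))
```

With the prefix in the hash, a multihomed host needs a different identifier under each provider prefix; without it, one identifier works under both, and the verifier no longer ties the key to a particular subnet.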