RE: Comments on draft-nordmark-multi6-threats-01

[Erik Nordmark <Erik.Nordmark@sun.com>]

> Well, I don't know whether hosts should use the same identifier for
> transactions with different third parties. Here, to, there are privacy
> implications. If I had a choice, I would go for the minimal possible
> requirement, i.e. an identifier for the abstract context for which
> continuity of communications is desired. I would also not assume that we
> should combine identifier and port number.

Section 8 in the draft talks about privacy considerations.

Given that the stack doesn't (and can't) know the continuity requirements
for some communication - this can be a lot more than the lifetime of
a transport connection - I think we need to have identifiers that can be
stable for more than the lifetime of a single transport connection.

Otherwise, even simple application patternss such as "call me back when done"
(which would cause a second transport connection in the reverse direction)
would fail.

  Erik