Re: identity persistence and comparison issues

[Erik Nordmark <Erik.Nordmark@sun.com>]

> What if we just always show the application a long-lived identifier, 
> even though when it sets up a session we use ephemeral identifiers? 

That's part of what Jukka and I were pondering a bit.
I think it is very interesting; just need to make sure that
the additional local mapping on the host from the long-lived to
the ephemeral doesn't introduce attacks that we don't know how to
handle.

> If 
> the application then doesn't do referrals there is no issue as the 
> long-lived identifier doesn't leave the host. If it does "contact me at 
> xxx" type referrals there is also no problem as xxx is the long-lived 
> identifier so the reference remains valid over (a reasonable amount of) 
> time. Only in the case of "you'll hear from me and I'm xxx" type 
> referrals wouldn't work, but those won't work reliably in the presence 
> of multiple addresses anyway.

And if the long-lived ID is one of the locators we can provide compatbility
for unmodified applications which do referrals and callbacks.

  Erik