Re: identity persistence and comparison issues

[marcelo bagnulo braun <marcelo@it.uc3m.es>]

El 28/06/2004, a las 14:45, Erik Nordmark escribió:

> > What if we just always show the application a long-lived identifier,
> > even though when it sets up a session we use ephemeral identifiers?
>
> That's part of what Jukka and I were pondering a bit.
> I think it is very interesting; just need to make sure that
> the additional local mapping on the host from the long-lived to
> the ephemeral doesn't introduce attacks that we don't know how to
> handle.

Terminology questions: the application would only use the stable (long 
lived) id, right?
The ephemeral id is internal to the multi6 layer, and it is not handled 
by the ULP, right?
would then this ephemeral id would be an id, or is this simply a key or 
a token, just as in IPSec or pbk?

regards, marcelo

> > If
> > the application then doesn't do referrals there is no issue as the
> > long-lived identifier doesn't leave the host. If it does "contact me 
> > at
> > xxx" type referrals there is also no problem as xxx is the long-lived
> > identifier so the reference remains valid over (a reasonable amount 
> > of)
> > time. Only in the case of "you'll hear from me and I'm xxx" type
> > referrals wouldn't work, but those won't work reliably in the presence
> > of multiple addresses anyway.
>
> And if the long-lived ID is one of the locators we can provide 
> compatbility
> for unmodified applications which do referrals and callbacks.
>
>   Erik