
Re: identity persistence and comparison issues



> NAT breaks this assumption of course. But we are trying to repair the
> damage done by NAT. So I suggest that a multi6 goal should be that the
> thing an application gets back from an AAAA query, or any other source
> including manual config, must be a permanent identifier with the
> nice property that something below the socket API can transform it
> into a locator.

Agreed, except that temporary/permanent is not binary but a continuity
of different lifetimes.

> Which leads me to wonder whether session survival for sessions using
> temporary things such as RFC 3041 addresses is a reasonable goal for
> multi6.

RFC 3041 temporary addresses have a default valid lifetime of 1 week.
So why wouldn't it be reasonable for connections using such addresses
to be able to survive failures that last for a few minutes or hours?

Having said that, solutions which rely on the DNS for verifications
might be tricky unless the RFC 3041 addresses have forward and reverse DNS
entries (with a temporary FQDN to prevent correlation to the other
IP addresses of the host).

But this difficulty should distract from the desirability of making
things work for RFC 3041 addresses IMHO.

   Erik