Well, the paper explains that it would be inconvenient for M to refer to
James Bond by location, e.g. "10 Market Street" and later "101 Main
Street". You use that to make the classic case for location independent
identifiers, but this case disregard the fact that while James Bond may
want to be known to M, he probably does not want to be immediately
recognized as James Bond by Goldfinger and Dr. No. In fact, when dealing
with these characters, being known by the current location may be vastly
preferable.
You do obtain some privacy by conducting a Diffie-Hellman exchange
before actually exchanging the identity. This will meet one of the
privacy requirements, by making the identity opaque to the third parties
in the path. However, you do not solve all the issues related to
permanent identities, i.e. that Mr. Bond wants to present uncorrelated
identities to M and to Goldfinger. In the latter case, we probably want
something much more light weight than a full cryptographic exchange --
some random number would be fine, along the lines of the COT/COTI
exchange in MIP6.
By the way, I did not actually analyze the way you suggest to use
Diffie-Hellman and public keys, but I have the impression that your
mechanism is very similar to IKE. This begs an obvious question.
Cryptographic protocols are notoriously hard to get right. Instead of
inventing a new one, we should probably work with the IPSEC working
group and either adapt IKE or make sure that the planned revision of IKE
also meets the needs of Multi6.
-- Christian Huitema