BOUNCE multi6@ops.ietf.org: Admin request of type /\bsubscribe\b/i at line 7 (fwd)
From iljitsch@muada.com Mon Mar 14 16:34:28 2005
Received: from [83.149.65.1] (helo=sequoia.muada.com)
by psg.com with esmtps (TLSv1:AES256-SHA:256)
(Exim 4.44 (FreeBSD))
id 1DAsWS-000DEd-6D
for multi6@ops.ietf.org; Mon, 14 Mar 2005 16:34:28 +0000
Received: from [IPv6:2001:1af8:6::20a:95ff:fecd:987a] (alumange-giga.muada.com [IPv6:2001:1af8:6:0:20a:95ff:fecd:987a])
(authenticated bits=0)
by sequoia.muada.com (8.12.10/8.12.10) with ESMTP id j2EGYGvZ069403
(version=TLSv1/SSLv3 cipher=RC4-SHA bits=128 verify=NO)
for <multi6@ops.ietf.org>; Mon, 14 Mar 2005 17:34:16 +0100 (CET)
(envelope-from iljitsch@muada.com)
Mime-Version: 1.0 (Apple Message framework v619.2)
Content-Transfer-Encoding: 7bit
Message-Id: <74db857d605d2c1b69e2f89f700d59e9@muada.com>
Content-Type: text/plain; charset=US-ASCII; format=flowed
To: Multi6 List <multi6@ops.ietf.org>
From: Iljitsch van Beijnum <iljitsch@muada.com>
Subject: Fwd: how mobile do we want to be
Date: Mon, 14 Mar 2005 17:34:23 +0100
X-Mailer: Apple Mail (2.619.2)
X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on psg.com
X-Spam-Level:
X-Spam-Status: No, score=-2.6 required=5.0 tests=AWL,BAYES_00 autolearn=ham
version=3.0.1
Hi gang,
I sent this message to the new shim6 list two days ago, but I didn't
see any replies or any other messages for that matter, so I'm posting
it here as well.
If you want to subscribe to the shim6 list:
Interim mailing list for pre-discussion: shim6@psg.com
Join by sending "subscribe shim6" to majordomo@psg.com
Note that you have to be very careful in copying back the auth info;
any extra text or quote indicators will confuse majordomo. (Wasn't this
easier before?)
Begin forwarded message:
> From: Iljitsch van Beijnum <iljitsch@muada.com>
> Date: 12 March 2005 16:44:58 GMT+01:00
> To: shim6@psg.com
> Subject: how mobile do we want to be
In the discussion in the BOF yesterday there were different viewpoints
on the relationship between mobility and multihoming in general and
shim6 in particular.
Apparently, some people are equating renumbering with mobility. Now
obviously mobility mechanisms can be used to renumber without skipping
a beat, but that doesn't mean mobility and renumbering are the same
thing.
I think the important difference is the timescale. In mobility, the
assumption is that TCP sessions and other state are longer-lived than
locator addresses. In site renumbering, I very much doubt that this is
the case. At the very least, we're talking about the order of days
here, and _very_ few sessions or associations last for days. So in
nearly all cases, site renumbering can be addressed with regular
stateless autoconfiguration address deprecation.
Please don't forget: adding a new address in the middle of a session is
a security nightmare. The only way this can be done reasonably is with
the help of strong crypto (magic PKI dust) or a home agent that is
impervious to on-path nastiness such as sniffing and MitM. Obviously,
for a good number of applications strong crypto isn't a problem as they
already use it today. But mandating strong crypto for *everything* is
very problematic for reasons of performance, configuration and
robustness. (Let the person who never clicked "accept" on an SSL
warning cast the first stone here.)
I think HBAs are a very good compromise between reasonable security and
usability. It would be a shame to throw this out the window just so one
or two applications are saved from reconnecting once in a blue moon. It
takes a lot of reconnects to waste the same amount of time that it
takes to obtain and install an X.509 certificate...
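The message above argues that a host cannot simply add a new address to a live session without some binding back to the identity the session started with, and points to HBAs as the cheap way to get that binding. The following is an added example, not code from the message or from the shim6/HBA specifications: it is a simplified, assumed design in which the interface identifier of every address in a host's locator set is a hash over a random modifier and the whole set of /64 prefixes. A peer that learned (modifier, prefixes) when the session was set up can later check that a newly announced locator belongs to the same set. The prefix values and modifier are constructed sample data; the real HBA format (RFC 5535) differs in layout and hash details.

```python
"""Simplified HBA-style binding of a locator set to an IPv6 interface identifier.

Illustration only (assumed design, not the RFC 5535 wire format): the IID of
every address in the set is derived from a hash over a random modifier and the
complete set of /64 prefixes, so a peer that learned the parameters at session
start can check that a locator added later really belongs to the same host.
"""
import hashlib
import ipaddress

# Constructed sample data: two /64s from the documentation range and a fixed modifier.
PREFIXES = [ipaddress.IPv6Network("2001:db8:1::/64"),
            ipaddress.IPv6Network("2001:db8:2::/64")]
MODIFIER = bytes.fromhex("00112233445566778899aabbccddeeff")


def hba_interface_id(prefixes, modifier):
    """Return the 64-bit IID bound to (modifier, prefix set)."""
    h = hashlib.sha256()
    h.update(modifier)
    for p in sorted(prefixes):              # canonical order so both sides hash identically
        if p.prefixlen != 64:
            raise ValueError("HBA prefixes must be /64")
        h.update(int(p.network_address).to_bytes(16, "big")[:8])
    iid = int.from_bytes(h.digest()[:8], "big")
    # Clear the "u" and "g" bits of the first IID octet, as CGA/HBA do (RFC 3972),
    # so the result cannot be mistaken for a globally unique EUI-64.
    iid &= ~(0x03 << 56)
    return iid


def hba_address_set(prefixes, modifier):
    """All addresses in the set: each prefix combined with the shared IID."""
    iid = hba_interface_id(prefixes, modifier)
    return [ipaddress.IPv6Address(((int(p.network_address) >> 64) << 64) | iid)
            for p in prefixes]


def verify_locator(candidate, prefixes, modifier):
    """Peer-side check: does `candidate` belong to the set announced at session start?

    A locator whose prefix was never in the hashed set, or whose IID does not
    match the hash, is rejected. Because the hash covers the whole set, adding
    a prefix changes the IID and no longer matches the address the session was
    established with, which is what makes mid-session locator changes safe to
    accept without a certificate.
    """
    return ipaddress.IPv6Address(candidate) in hba_address_set(prefixes, modifier)


if __name__ == "__main__":
    addrs = hba_address_set(PREFIXES, MODIFIER)
    for a in addrs:
        print(a, verify_locator(str(a), PREFIXES, MODIFIER))
    # A locator in a prefix that was not part of the announced set is rejected.
    print(verify_locator("2001:db8:3::1", PREFIXES, MODIFIER))
```

The point this illustrates is the one the author is making: the only secret-free thing the peer needs is the parameter set it saw at the start of the session, so verification costs one hash rather than a certificate lookup, and a third party that wants the peer to accept an address outside the set has to produce a hash collision.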