Re: [RRG] On "jack-down" models

[Scott Brim <swb@employees.org>]

On 3/16/08 5:15 AM, Tony Li allegedly wrote:
> Handley posits the
> use of multiple parallel connections between hosts, striping data across
> these connections to instantiate a single, address-agile transport layer.
> Implicit in this structure is a mechanism for the host to recognize that
> these individual connections are part of a greater aggregated connection.
> This has obvious security implications which will, in effect, require a
> security association between hosts.  That security association effectively
> requires some security token (e.g., a public-private key pair used to
> compute a session key) so that the correspondent host can be assured that
> the component connections are indeed related.  This security token is, for
> all intents and purposes, a host identifier.  

I question the very last step.  The various multiplexed transport layer 
connections are unified by something at or above their level.  Therefore 
an identification/authentication mechanism to unify them could be, 
perhaps should be, at a higher layer.  It could be a transport-layer 
identity for the entire host, but certainly doesn't need to be.  In fact 
I don't see a *requirement* for a network-layer or even transport-layer 
identity to be used in end-to-end authentication (routing yes).

> Accordingly, it seems
> appropriate to christen this the "jack-down" model, as it jacks the network
> layer down a notch and inserts a layer of host identification above the
> network layer, leaving it firmly embedded in the transport layer.
> Assuming that we retain our axioms from the start of this discussion, this
> pretty clearly divides the solution space in two, and would seem to present
> a full cover of the space, which I, for one, find somewhat satisfying.

"Jack-up" removed location from the IP address by introducing another 
relationship (edge-to-edge, ITR-ETR) below it.  "Jack-down" would remove 
identity by introducing another relationship (e2e, authentication 
function) above it.  The terminology seems reasonable and I can see why 
you would like the symmetry, but I'm not sure it's useful. :-)

First, there are intermediate schemes, for example those that do not 
remove all "address" functionality from EIDs but still use them for 
locally scoped routing.

Second, as I said above, I am quite unsure that the old way of thinking 
of general purpose end system IDs is actually useful.  We can have 
network-layer identities, or transport-layer ones, but what will we use 
them for?  The IP layer itself doesn't care what addresses are on the 
packets it receives.  It's only higher layers that care.  I'm on the 
verge of invoking the end-to-end argument, because it seems that as time 
goes on our needs for sophistication in higher layer identification and 
authentication increase, and that the transport layer shouldn't provide 
identity and authentication for its client layers, because in the future 
it won't be able to do an adequate, specific-enough job of it.

So we could have the very nice symmetric distinguisher of 
jack-up/jack-down, but it implies that the use of network-layer (maybe 
transport-layer) identifiers is architectually fundamental.  I get the 
feeling that our thinking is evolving away from that.

I'll try to come up with other fundamental criteria instead.

Scott

--
to unsubscribe send a message to rrg-request@psg.com with the
word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/rrg/> & ftp://psg.com/pub/lists/rrg