
Re: [RRG] On "jack-down" models



On 3/16/08 5:15 AM, Tony Li allegedly wrote:
> Handley posits the
> use of multiple parallel connections between hosts, striping data across
> these connections to instantiate a single, address-agile transport layer.
> Implicit in this structure is a mechanism for the host to recognize that
> these individual connections are part of a greater aggregated connection.
> This has obvious security implications which will, in effect, require a
> security association between hosts.  That security association effectively
> requires some security token (e.g., a public-private key pair used to
> compute a session key) so that the correspondent host can be assured that
> the component connections are indeed related.  This security token is, for
> all intents and purposes, a host identifier.

I question the very last step. The various multiplexed transport layer connections are unified by something at or above their level. Therefore an identification/authentication mechanism to unify them could be, perhaps should be, at a higher layer. It could be a transport-layer identity for the entire host, but certainly doesn't need to be. In fact I don't see a *requirement* for a network-layer or even transport-layer identity to be used in end-to-end authentication (routing yes).

> Accordingly, it seems
> appropriate to christen this the "jack-down" model, as it jacks the network
> layer down a notch and inserts a layer of host identification above the
> network layer, leaving it firmly embedded in the transport layer.
> Assuming that we retain our axioms from the start of this discussion, this
> pretty clearly divides the solution space in two, and would seem to present
> a full cover of the space, which I, for one, find somewhat satisfying.

"Jack-up" removed location from the IP address by introducing another relationship (edge-to-edge, ITR-ETR) below it. "Jack-down" would remove identity by introducing another relationship (e2e, authentication function) above it. The terminology seems reasonable and I can see why you would like the symmetry, but I'm not sure it's useful. :-)

First, there are intermediate schemes, for example those that do not remove all "address" functionality from EIDs but still use them for locally scoped routing.

Second, as I said above, I am quite unsure that the old way of thinking of general purpose end system IDs is actually useful. We can have network-layer identities, or transport-layer ones, but what will we use them for? The IP layer itself doesn't care what addresses are on the packets it receives. It's only higher layers that care. I'm on the verge of invoking the end-to-end argument, because it seems that as time goes on our needs for sophistication in higher layer identification and authentication increase, and that the transport layer shouldn't provide identity and authentication for its client layers, because in the future it won't be able to do an adequate, specific-enough job of it.

So we could have the very nice symmetric distinguisher of jack-up/jack-down, but it implies that the use of network-layer (maybe transport-layer) identifiers is architecturally fundamental. I get the feeling that our thinking is evolving away from that.

I'll try to come up with other fundamental criteria instead.

Scott

--
to unsubscribe send a message to rrg-request@psg.com with the
word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/rrg/> & ftp://psg.com/pub/lists/rrg