[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [RRG] Identifiers & Security Associations

To: Randall Atkinson <rja@extremenetworks.com>
Subject: Re: [RRG] Identifiers & Security Associations
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Date: Mon, 26 May 2008 13:45:49 +1200
Cc: IRTF Routing RG <rrg@psg.com>
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:organization:user-agent:mime-version:to:cc:subject:references:in-reply-to:content-type:content-transfer-encoding; b=QvFWCBeKAINmBkxa02Rjl2MmpGya5SeeWXWo5Z1w49n81KJSm2/nT35qhi2FYUoaQFgx0ZDD094WN7MlDnv21YxztQhdSSGCtfWfL2a2goFCNJ70NrGyTR70qnySyKDVrgCG1RV2dtNzVo0LM5lNBJIcoLTKPdjCG48J039rVD4=
In-reply-to: <8329C86009B2F24493D76B486146769A9DDC073B@USEXCHANGE.corp.extremenetworks.com>
Organization: University of Auckland
References: <8329C86009B2F24493D76B486146769A9DDC073B@USEXCHANGE.corp.extremenetworks.com>
User-agent: Thunderbird 2.0.0.6 (Windows/20070728)

On 2008-05-26 12:49, Randall Atkinson wrote:
> Earlier, Brian Carpenter wrote:
...
> % In that role it could of course be replaced by some ID inserted
> % at a level above IP (as it is in IPSEC over UDP, in effect), but we
> % have to provide that at the same time as architecturally removing
> % e2e addressing. And if you do that *except* by inserting an alternative
> % 32 or 128 bit e2e quantity that looks just like an IP address, you
> % create unthinkable amounts of disturbance to upper layer running code.
> 
> That claim is NOT obvious to me.

...
> Perhaps you were thinking of some security approach other than
> IPsec or SSL/TLS ??

I think we don't know. Certainly the known cases are IPsec and TLS.
We could trawl in RFCs 3789 through 3796 for others, but that wouldn't
catch non-IETF protocols.

Note, I *fully agree that "good non-topological identifiers" are
what we should use; I'm only concerned about how to get there from
here without a deployment problem that is just as hard as the IPv6
deployment problem.

   Brian

--
to unsubscribe send a message to rrg-request@psg.com with the
word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/rrg/> & ftp://psg.com/pub/lists/rrg

Follow-Ups:
- Re: [RRG] Identifiers & Security Associations
  - From: Peter Sherbin <pesherb@yahoo.com>
- RE: [RRG] Identifiers & Security Associations
  - From: Randall Atkinson <rja@extremenetworks.com>

References:
- [RRG] Identifiers & Security Associations
  - From: Randall Atkinson <rja@extremenetworks.com>

Prev by Date: [RRG] Identifiers & Security Associations
Next by Date: Re: [RRG] Consensus? IPv4 scaling problem must be solved directly, not by relying on migration to IPv6
Previous by thread: [RRG] Identifiers & Security Associations
Next by thread: RE: [RRG] Identifiers & Security Associations
Index(es):
- Date
- Thread