
Re: [RRG] Identifiers & Security Associations



On 2008-05-26 12:49, Randall Atkinson wrote:
> Earlier, Brian Carpenter wrote:
...
> % In that role it could of course be replaced by some ID inserted
> % at a level above IP (as it is in IPSEC over UDP, in effect), but we
> % have to provide that at the same time as architecturally removing
> % e2e addressing. And if you do that *except* by inserting an alternative
> % 32 or 128 bit e2e quantity that looks just like an IP address, you
> % create unthinkable amounts of disturbance to upper layer running code.
> 
> That claim is NOT obvious to me.

...
> Perhaps you were thinking of some security approach other than
> IPsec or SSL/TLS ??

I think we don't know. Certainly the known cases are IPsec and TLS.
We could trawl in RFCs 3789 through 3796 for others, but that wouldn't
catch non-IETF protocols.

Note, I *fully* agree that "good non-topological identifiers" are
what we should use; I'm only concerned about how to get there from
here without a deployment problem that is just as hard as the IPv6
deployment problem.

   Brian

--
to unsubscribe send a message to rrg-request@psg.com with the
word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/rrg/> & ftp://psg.com/pub/lists/rrg