Re: [RRG] Identifiers & Security Associations
- To: Randall Atkinson <rja@extremenetworks.com>, Brian E Carpenter <brian.e.carpenter@gmail.com>
- Subject: Re: [RRG] Identifiers & Security Associations
- From: Peter Sherbin <pesherb@yahoo.com>
- Date: Mon, 26 May 2008 15:48:52 -0700 (PDT)
- Cc: IRTF Routing RG <rrg@psg.com>
- In-reply-to: <483A164D.1030909@gmail.com>
- Reply-to: pesherb@yahoo.com
> I'm only concerned about how to get there from here without a deployment problem
If you give ISPs as well as all end users a number of IDs to name interfaces and such, there might be no need to change sw in hosts. Routers will get their own names too. Host Name + Router Name + Router Locator = IP Address as it is today. Hence there is no need to change the routing. I.e. what is left is to provide a flat names' set and a separate hierarchical locators' set, right?
Thank you,
Peter
--- On Sun, 5/25/08, Brian E Carpenter <brian.e.carpenter@gmail.com> wrote:
> From: Brian E Carpenter <brian.e.carpenter@gmail.com>
> Subject: Re: [RRG] Identifiers & Security Associations
> To: "Randall Atkinson" <rja@extremenetworks.com>
> Cc: "IRTF Routing RG" <rrg@psg.com>
> Date: Sunday, May 25, 2008, 9:45 PM
> On 2008-05-26 12:49, Randall Atkinson wrote:
> > Earlier, Brian Carpenter wrote:
> ...
> > % In that role it could of course be replaced by some ID inserted
> > % at a level above IP (as it is in IPSEC over UDP, in effect), but we
> > % have to provide that at the same time as architecturally removing
> > % e2e addressing. And if you do that *except* by inserting an alternative
> > % 32 or 128 bit e2e quantity that looks just like an IP address, you
> > % create unthinkable amounts of disturbance to upper layer running code.
> >
> > That claim is NOT obvious to me.
>
> ...
> > Perhaps you were thinking of some security approach other than
> > IPsec or SSL/TLS ??
>
> I think we don't know. Certainly the known cases are IPsec and TLS.
> We could trawl in RFCs 3789 through 3796 for others, but that wouldn't
> catch non-IETF protocols.
>
> Note, I *fully agree that "good non-topological identifiers" are
> what we should use; I'm only concerned about how to get there from
> here without a deployment problem that is just as hard as the IPv6
> deployment problem.
>
> Brian
>
> --
> to unsubscribe send a message to rrg-request@psg.com with the
> word 'unsubscribe' in a single line as the message text body.
> archive: <http://psg.com/lists/rrg/> & ftp://psg.com/pub/lists/rrg