
Re: [RRG] Re: Should the identifier be used as local locator




On Jul 8, 2008, at 9:59 AM, Tony Li wrote:



|2/ an engineering judgment call of whether one could borrow MAC address
|    to serve the above purpose.
|    (this is similar to the existing TCP design of borrowing IP
|     address as part of TCP's connection ID)
|
|2/ represents an engineering tradeoff because the borrowing saves the
|trouble of managing another new ID space.


2/ also creates a significant security issue. If a MAC address is visible outside of the local subnet, then it implies that someone can track a host as it migrates across the Internet. That's been widely discussed during the first iteration of GSE and pretty generally viewed as a Bad Idea. At the very least, there needs to be a mechanism to escape from the MAC address and jump to a separately assigned space.

Tony

The above is just one of the factors of why I call 2/ an engineering judgment call: it gives some saving, but definitely has a cost associated with doing so.

If one has a clear description of all the desired properties of a true node ID, then one can see more clearly what are the costs of this borrowing idea.

Lixia

--
to unsubscribe send a message to rrg-request@psg.com with the
word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/rrg/> & ftp://psg.com/pub/lists/rrg