Hi Lixia, some comments on your draft: Le 22-juil.-08 à 18:56, Lixia Zhang a écrit :
[snip]
[snip]
From the above paragraph sounds like, differently from transport level solution, with the map-and-encap solution the benefits are significant from the beginning of the deployment, which in my opinion is not true. Both map-and-encap and transport solutions need to reach a "critical mass" before providing any significant benefit. Of course the point where gains start can be different for the two approaches. [snip]
“Any problem in computer science can be solved with another layer of indirection. But that usually will create another problem.” —David Wheeler My point is that even if separation can help in alleviating some kind of attacks, it could open the door to new kinds of attacks. We should be careful before stating that security is improved.
I remeber the talk and actually I was not convinced. But if you have made any progress and you have a pointer, I am interested.
We did some work on this subject: [snip]
[snip]
The use of multiple path is resilient to single path failure. Yet, somewhere you have to keep track of the individual paths. Otherwise you risk to assume the existence of something that in reality is not available anymore (path).
Here I'm confused. In the previous paragraph you claim the contrary. [snip]
[snip]
I really do not understand that. By SEPARATION I assume you mean loc/ID split. This, allows you to get rid of IDs in the core network. Since IDs can be PI addresses, this leads to ELIMINATION of non-aggregatable prefixes. So, can you clarify the difference? [snip] Cheers Luigi Iannone |