[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [RRG] RE: Is the flat identifier acceptable

To: Iljitsch van Beijnum <iljitsch@muada.com>
Subject: Re: [RRG] RE: Is the flat identifier acceptable
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Date: Fri, 25 Jul 2008 09:33:10 +1200
Cc: tony.li@tony.li, 'Xu Xiaohu' <xuxh@huawei.com>, 'Jari Arkko' <jari.arkko@piuha.net>, 'Dino Farinacci' <dino@cisco.com>, 'RJ Atkinson' <rja@extremenetworks.com>, 'IRTF Routing RG' <rrg@psg.com>
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:organization:user-agent:mime-version:to:cc :subject:references:in-reply-to:content-type :content-transfer-encoding; b=Qrs6rI3aE61z/qjSzXq8IlZJiWMGeeAxRMF/rzYz/2z+7CVVieXChAn3CW3ivhdRKd QkeujaEA8GXUN4gZoLZQOSBhtpGT3zxhU/RG/uJB/jcPBrouNTzlbznG9uzYHZhmFerT DVOXD0DSLojqZUzdazCWxaw4IZMSCx7fDw/oY=
In-reply-to: <73270C69-B904-47BF-8201-1EFF3C82E867@muada.com>
Organization: University of Auckland
References: <48873DA4.7040103@piuha.net> <008101c8ed41$1c8c19e0$330c6f0a@china.huawei.com> <55D64C7E2BC048D297A57D6370D43022@ad.redback.com> <73270C69-B904-47BF-8201-1EFF3C82E867@muada.com>
User-agent: Thunderbird 2.0.0.6 (Windows/20070728)

On 2008-07-24 19:58, Iljitsch van Beijnum wrote:
> On 24 jul 2008, at 6:53, Tony Li wrote:
> 
>> What happens
>> when the aggregation mechanism doesn't match your desired identifier
>> block?
>> Not everyone is clever enough to allocate addresses to match their
>> security
>> policies and the results are predictable: really long ACLs.
> 
> If we accept the desire to base security policies on identifier
> semantics as a requirement we're going to get nowhere fast.

Agreed. After all, if you do a serious job on trust mechanisms
and verifiable identities, you'll end up re-inventing X.509
certificate semantics, and that probably won't fit into 128 bits.

I haven't followed HIP for quite a while, but something tells me
those people must have had this conversation a few years ago.

   Bria

--
to unsubscribe send a message to rrg-request@psg.com with the
word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/rrg/> & ftp://psg.com/pub/lists/rrg

References:
- Re: [RRG] IEEE EUI-64 as an Identifier format
  - From: Jari Arkko <jari.arkko@piuha.net>
- [RRG] Is the flat identifier acceptable
  - From: Xu Xiaohu <xuxh@huawei.com>
- [RRG] RE: Is the flat identifier acceptable
  - From: "Tony Li" <tony.li@tony.li>
- Re: [RRG] RE: Is the flat identifier acceptable
  - From: Iljitsch van Beijnum <iljitsch@muada.com>

Prev by Date: Re: [RRG] thoughts on the design space 3: caching
Next by Date: Re: [RRG] Six/One Router Design Clarifications
Previous by thread: Re: [RRG] RE: Is the flat identifier acceptable
Next by thread: [RRG] Re: Is the flat identifier acceptable
Index(es):
- Date
- Thread