
Re: [RRG] RE: Is the flat identifier acceptable



On 2008-07-24 19:58, Iljitsch van Beijnum wrote:
> On 24 jul 2008, at 6:53, Tony Li wrote:
> 
>> What happens when the aggregation mechanism doesn't match your
>> desired identifier block? Not everyone is clever enough to allocate
>> addresses to match their security policies and the results are
>> predictable: really long ACLs.
> 
> If we accept the desire to base security policies on identifier
> semantics as a requirement we're going to get nowhere fast.

Agreed. After all, if you do a serious job on trust mechanisms
and verifiable identities, you'll end up re-inventing X.509
certificate semantics, and that probably won't fit into 128 bits.

I haven't followed HIP for quite a while, but something tells me
those people must have had this conversation a few years ago.

   Bria

--
to unsubscribe send a message to rrg-request@psg.com with the
word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/rrg/> & ftp://psg.com/pub/lists/rrg