Re: [RRG] RE: Is the flat identifier acceptable
On 2008-07-24 19:58, Iljitsch van Beijnum wrote:
> On 24 jul 2008, at 6:53, Tony Li wrote:
>
>> What happens
>> when the aggregation mechanism doesn't match your desired identifier
>> block?
>> Not everyone is clever enough to allocate addresses to match their
>> security
>> policies and the results are predictable: really long ACLs.
>
> If we accept the desire to base security policies on identifier
> semantics as a requirement we're going to get nowhere fast.

Agreed. After all, if you do a serious job on trust mechanisms
and verifiable identities, you'll end up re-inventing X.509
certificate semantics, and that probably won't fit into 128 bits.

I haven't followed HIP for quite a while, but something tells me
those people must have had this conversation a few years ago.

Bria