[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [RRG] Re: Does every host need a FQDN name in the future?//re:[RRG] draft-rja-ilnp-intro-01.txt

To: <tony.li@tony.li>
Subject: Re: [RRG] Re: Does every host need a FQDN name in the future?//re:[RRG] draft-rja-ilnp-intro-01.txt
From: Iljitsch van Beijnum <iljitsch@muada.com>
Date: Thu, 7 Aug 2008 19:32:24 +0200
Cc: "'Steven Blake'" <slblake@petri-meat.com>, "'Sheng Jiang'" <shengjiang@huawei.com>, <rrg@psg.com>
In-reply-to: <6D824360BE5146F39D491FF0E5E8FC60@ad.redback.com>
References: <002301c8f86b$bfa9bb20$5d0c6f0a@china.huawei.com> <1218110898.27730.14.camel@tachyon> <BAC000E3-CC43-480A-A15E-09ADE0558446@muada.com> <6D824360BE5146F39D491FF0E5E8FC60@ad.redback.com>

On 7 aug 2008, at 18:10, Tony Li wrote:

|- can't filter on it, so this will be done on locators = no
|renumberability

The local site *can* guarantee that an identifier is unique, so itcan infact filter on inbound identifiers. Filtering on remote identifiersis
trivially insecure (regardless of uniqueness) due to spoofing.

The id/loc overload allows for a return routability check;cryptographic identifiers allow for a challenge.

|- can't look locators up using the id, so a working locator must
|always accompany id = reduced multihoming and mobility

I'm failing the logical leap here. Could you spell out where thisis a
problem?

If you find yourself in the situation where the currently knownlocator(s) are unreachable, you can't ask the other side for locators.If you also can't look them up, you can't contact the correspondentthrough another locator and the session is dead or can't beestablished. With mobility this is especially likely as a mobile hostwill often not know its new locator before the old one stops working.

In theory a locator->locator lookup would be possible, maybe throughthe DNS. In that case, the ID value is superfluous.

Maybe we should simply deprecate identifiers. After all, I know who Iam and you know who you are, and the packets get there through thelocators. And if identity is really necessary, higher layers canmanage it (TLS etc).


--
to unsubscribe send a message to rrg-request@psg.com with the
word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/rrg/> & ftp://psg.com/pub/lists/rrg

Follow-Ups:
- Re: [RRG] Re: Does every host need a FQDN name in the future?//re:[RRG] draft-rja-ilnp-intro-01.txt
  - From: Scott Brim <swb@employees.org>
- Re: [RRG] Re: Does every host need a FQDN name in the future?//re:[RRG] draft-rja-ilnp-intro-01.txt
  - From: Steven Blake <slblake@petri-meat.com>
- RE: [RRG] Re: Does every host need a FQDN name in the future?//re:[RRG] draft-rja-ilnp-intro-01.txt
  - From: "Tony Li" <tony.li@tony.li>

References:
- RE: [RRG] Re: Does every host need a FQDN name in the future?//re:[RRG] draft-rja-ilnp-intro-01.txt
  - From: Sheng Jiang <shengjiang@huawei.com>
- RE: [RRG] Re: Does every host need a FQDN name in the future?//re:[RRG] draft-rja-ilnp-intro-01.txt
  - From: Steven Blake <slblake@petri-meat.com>
- Re: [RRG] Re: Does every host need a FQDN name in the future?//re:[RRG] draft-rja-ilnp-intro-01.txt
  - From: Iljitsch van Beijnum <iljitsch@muada.com>
- RE: [RRG] Re: Does every host need a FQDN name in the future?//re:[RRG] draft-rja-ilnp-intro-01.txt
  - From: "Tony Li" <tony.li@tony.li>

Prev by Date: Re: [RRG] Re: Six/One Router revised 2008-07-12 - IPsec
Next by Date: Re: [RRG] Six/One Router revised 2008-07-12 - IPsec
Previous by thread: RE: [RRG] Re: Does every host need a FQDN name in the future?//re:[RRG] draft-rja-ilnp-intro-01.txt
Next by thread: RE: [RRG] Re: Does every host need a FQDN name in the future?//re:[RRG] draft-rja-ilnp-intro-01.txt
Index(es):
- Date
- Thread