[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [RRG] Re: Does every host need a FQDN name in the future?//re:[RRG] draft-rja-ilnp-intro-01.txt

To: "'Iljitsch van Beijnum'" <iljitsch@muada.com>
Subject: RE: [RRG] Re: Does every host need a FQDN name in the future?//re:[RRG] draft-rja-ilnp-intro-01.txt
From: "Tony Li" <tony.li@tony.li>
Date: Thu, 7 Aug 2008 10:51:37 -0700
Cc: "'Steven Blake'" <slblake@petri-meat.com>, "'Sheng Jiang'" <shengjiang@huawei.com>, <rrg@psg.com>
In-reply-to: <A1F3BC03-B69D-4DB1-8806-21F9F828C634@muada.com>
References: <002301c8f86b$bfa9bb20$5d0c6f0a@china.huawei.com> <1218110898.27730.14.camel@tachyon> <BAC000E3-CC43-480A-A15E-09ADE0558446@muada.com> <6D824360BE5146F39D491FF0E5E8FC60@ad.redback.com> <A1F3BC03-B69D-4DB1-8806-21F9F828C634@muada.com>
Reply-to: <tony.li@tony.li>

Hi Iljitsch,
 

|> |- can't filter on it, so this will be done on locators = no
|> |renumberability
|
|> The local site *can* guarantee that an identifier is unique, so it  
|> can in
|> fact filter on inbound identifiers.  Filtering on remote 
|identifiers  
|> is
|> trivially insecure (regardless of uniqueness) due to spoofing.
|
|The id/loc overload allows for a return routability check;  
|cryptographic identifiers allow for a challenge.


True, but now we're drifting into the realm of how much security is provided
just by filtering.  My strong preference is that if you want security, it
should be provided by real crypto, not just by identifier filtering.  Again,
spoofing identifiers is going to happen.


|> |- can't look locators up using the id, so a working locator must
|> |always accompany id = reduced multihoming and mobility
|
|> I'm failing the logical leap here.  Could you spell out where this  
|> is a
|> problem?
|
|If you find yourself in the situation where the currently known  
|locator(s) are unreachable, you can't ask the other side for 
|locators.  
|If you also can't look them up, you can't contact the correspondent  
|through another locator and the session is dead or can't be  
|established. With mobility this is especially likely as a mobile host  
|will often not know its new locator before the old one stops working.
|
|In theory a locator->locator lookup would be possible, maybe through  
|the DNS. In that case, the ID value is superfluous.


Except that the locator isn't host-specific.  As before, you could
conceivably do a reverse lookup on (locator, id) -> name -> {locator} to get
the new set of locators.


|Maybe we should simply deprecate identifiers. After all, I know who I  
|am and you know who you are, and the packets get there through the  
|locators. And if identity is really necessary, higher layers can  
|manage it (TLS etc).


Or, perhaps, you're taking Christian's side that the real identifier is the
FQDN.  The locally unique identifier is simply a form of a nonce.  ;-)

Tony


--
to unsubscribe send a message to rrg-request@psg.com with the
word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/rrg/> & ftp://psg.com/pub/lists/rrg

Follow-Ups:
- Re: [RRG] Re: Does every host need a FQDN name in the future?//re:[RRG] draft-rja-ilnp-intro-01.txt
  - From: Brian E Carpenter <brian.e.carpenter@gmail.com>

References:
- RE: [RRG] Re: Does every host need a FQDN name in the future?//re:[RRG] draft-rja-ilnp-intro-01.txt
  - From: Sheng Jiang <shengjiang@huawei.com>
- RE: [RRG] Re: Does every host need a FQDN name in the future?//re:[RRG] draft-rja-ilnp-intro-01.txt
  - From: Steven Blake <slblake@petri-meat.com>
- Re: [RRG] Re: Does every host need a FQDN name in the future?//re:[RRG] draft-rja-ilnp-intro-01.txt
  - From: Iljitsch van Beijnum <iljitsch@muada.com>
- RE: [RRG] Re: Does every host need a FQDN name in the future?//re:[RRG] draft-rja-ilnp-intro-01.txt
  - From: "Tony Li" <tony.li@tony.li>
- Re: [RRG] Re: Does every host need a FQDN name in the future?//re:[RRG] draft-rja-ilnp-intro-01.txt
  - From: Iljitsch van Beijnum <iljitsch@muada.com>

Prev by Date: Re: [RRG] Six/One Router revised 2008-07-12 - IPsec
Next by Date: Re: [RRG] Re: Six/One Router revised 2008-07-12 - IPsec
Previous by thread: Re: [RRG] Re: Does every host need a FQDN name in the future?//re:[RRG] draft-rja-ilnp-intro-01.txt
Next by thread: Re: [RRG] Re: Does every host need a FQDN name in the future?//re:[RRG] draft-rja-ilnp-intro-01.txt
Index(es):
- Date
- Thread