[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [RRG] Re: Does every host need a FQDN name in the future?//re:[RRG] draft-rja-ilnp-intro-01.txt



On 2008-08-08 05:51, Tony Li wrote:
> Hi Iljitsch,
>  
> 
> |> |- can't filter on it, so this will be done on locators = no
> |> |renumberability
> |
> |> The local site *can* guarantee that an identifier is unique, so it  
> |> can in
> |> fact filter on inbound identifiers.  Filtering on remote 
> |identifiers  
> |> is
> |> trivially insecure (regardless of uniqueness) due to spoofing.
> |
> |The id/loc overload allows for a return routability check;  
> |cryptographic identifiers allow for a challenge.
> 
> 
> True, but now we're drifting into the realm of how much security is provided
> just by filtering.  My strong preference is that if you want security, it
> should be provided by real crypto, not just by identifier filtering.  Again,
> spoofing identifiers is going to happen.
> 
> 
> |> |- can't look locators up using the id, so a working locator must
> |> |always accompany id = reduced multihoming and mobility
> |
> |> I'm failing the logical leap here.  Could you spell out where this  
> |> is a
> |> problem?
> |
> |If you find yourself in the situation where the currently known  
> |locator(s) are unreachable, you can't ask the other side for 
> |locators.  
> |If you also can't look them up, you can't contact the correspondent  
> |through another locator and the session is dead or can't be  
> |established. With mobility this is especially likely as a mobile host  
> |will often not know its new locator before the old one stops working.
> |
> |In theory a locator->locator lookup would be possible, maybe through  
> |the DNS. In that case, the ID value is superfluous.
> 
> 
> Except that the locator isn't host-specific.  As before, you could
> conceivably do a reverse lookup on (locator, id) -> name -> {locator} to get
> the new set of locators.
> 
> 
> |Maybe we should simply deprecate identifiers. After all, I know who I  
> |am and you know who you are, and the packets get there through the  
> |locators. And if identity is really necessary, higher layers can  
> |manage it (TLS etc).
> 
> 
> Or, perhaps, you're taking Christian's side that the real identifier is the
> FQDN.  The locally unique identifier is simply a form of a nonce.  ;-)

No ;-) needed, I think. An identifier needs to be unique for as long as
it needs to be unique for. If we stipulate that no transport connection
has a lifetime greater than T, then the transport ID only needs
to be unique for T+epsilon. (Where lifetime means the time after which
all ends of the connection have deleted all relevant state.) So you can
imagine a world in which the FQDN is used in a discovery phase to get
a fresh unique transport ID and a set of locators that currently
reach that transport ID.

   Brian

--
to unsubscribe send a message to rrg-request@psg.com with the
word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/rrg/> & ftp://psg.com/pub/lists/rrg