[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [RRG] Re: Does every host need a FQDN name in the future?//re:[RRG] draft-rja-ilnp-intro-01.txt

To: tony.li@tony.li
Subject: Re: [RRG] Re: Does every host need a FQDN name in the future?//re:[RRG] draft-rja-ilnp-intro-01.txt
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Date: Mon, 11 Aug 2008 11:23:53 +1200
Cc: 'Iljitsch van Beijnum' <iljitsch@muada.com>, 'Steven Blake' <slblake@petri-meat.com>, 'Sheng Jiang' <shengjiang@huawei.com>, rrg@psg.com
In-reply-to: <BD29DD893D8149AFA7117145E390542B@ad.redback.com>
Organization: University of Auckland
References: <002301c8f86b$bfa9bb20$5d0c6f0a@china.huawei.com> <1218110898.27730.14.camel@tachyon> <BAC000E3-CC43-480A-A15E-09ADE0558446@muada.com> <6D824360BE5146F39D491FF0E5E8FC60@ad.redback.com> <A1F3BC03-B69D-4DB1-8806-21F9F828C634@muada.com> <BD29DD893D8149AFA7117145E390542B@ad.redback.com>
User-agent: Thunderbird 2.0.0.6 (Windows/20070728)

On 2008-08-08 05:51, Tony Li wrote:
> Hi Iljitsch,
>  
> 
> |> |- can't filter on it, so this will be done on locators = no
> |> |renumberability
> |
> |> The local site *can* guarantee that an identifier is unique, so it  
> |> can in
> |> fact filter on inbound identifiers.  Filtering on remote 
> |identifiers  
> |> is
> |> trivially insecure (regardless of uniqueness) due to spoofing.
> |
> |The id/loc overload allows for a return routability check;  
> |cryptographic identifiers allow for a challenge.
> 
> 
> True, but now we're drifting into the realm of how much security is provided
> just by filtering.  My strong preference is that if you want security, it
> should be provided by real crypto, not just by identifier filtering.  Again,
> spoofing identifiers is going to happen.
> 
> 
> |> |- can't look locators up using the id, so a working locator must
> |> |always accompany id = reduced multihoming and mobility
> |
> |> I'm failing the logical leap here.  Could you spell out where this  
> |> is a
> |> problem?
> |
> |If you find yourself in the situation where the currently known  
> |locator(s) are unreachable, you can't ask the other side for 
> |locators.  
> |If you also can't look them up, you can't contact the correspondent  
> |through another locator and the session is dead or can't be  
> |established. With mobility this is especially likely as a mobile host  
> |will often not know its new locator before the old one stops working.
> |
> |In theory a locator->locator lookup would be possible, maybe through  
> |the DNS. In that case, the ID value is superfluous.
> 
> 
> Except that the locator isn't host-specific.  As before, you could
> conceivably do a reverse lookup on (locator, id) -> name -> {locator} to get
> the new set of locators.
> 
> 
> |Maybe we should simply deprecate identifiers. After all, I know who I  
> |am and you know who you are, and the packets get there through the  
> |locators. And if identity is really necessary, higher layers can  
> |manage it (TLS etc).
> 
> 
> Or, perhaps, you're taking Christian's side that the real identifier is the
> FQDN.  The locally unique identifier is simply a form of a nonce.  ;-)

No ;-) needed, I think. An identifier needs to be unique for as long as
it needs to be unique for. If we stipulate that no transport connection
has a lifetime greater than T, then the transport ID only needs
to be unique for T+epsilon. (Where lifetime means the time after which
all ends of the connection have deleted all relevant state.) So you can
imagine a world in which the FQDN is used in a discovery phase to get
a fresh unique transport ID and a set of locators that currently
reach that transport ID.

   Brian

--
to unsubscribe send a message to rrg-request@psg.com with the
word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/rrg/> & ftp://psg.com/pub/lists/rrg

References:
- RE: [RRG] Re: Does every host need a FQDN name in the future?//re:[RRG] draft-rja-ilnp-intro-01.txt
  - From: Sheng Jiang <shengjiang@huawei.com>
- RE: [RRG] Re: Does every host need a FQDN name in the future?//re:[RRG] draft-rja-ilnp-intro-01.txt
  - From: Steven Blake <slblake@petri-meat.com>
- Re: [RRG] Re: Does every host need a FQDN name in the future?//re:[RRG] draft-rja-ilnp-intro-01.txt
  - From: Iljitsch van Beijnum <iljitsch@muada.com>
- RE: [RRG] Re: Does every host need a FQDN name in the future?//re:[RRG] draft-rja-ilnp-intro-01.txt
  - From: "Tony Li" <tony.li@tony.li>
- Re: [RRG] Re: Does every host need a FQDN name in the future?//re:[RRG] draft-rja-ilnp-intro-01.txt
  - From: Iljitsch van Beijnum <iljitsch@muada.com>
- RE: [RRG] Re: Does every host need a FQDN name in the future?//re:[RRG] draft-rja-ilnp-intro-01.txt
  - From: "Tony Li" <tony.li@tony.li>

Prev by Date: RE: [RRG] Re: Six/One Router revised 2008-07-12 - IPsec
Next by Date: [RRG] Perplexing PMTUD and packet length observations
Previous by thread: RE: [RRG] Re: Does every host need a FQDN name in the future?//re:[RRG] draft-rja-ilnp-intro-01.txt
Next by thread: Re: [RRG] Re: Does every host need a FQDN name in the future?//re:[RRG] draft-rja-ilnp-intro-01.txt
Index(es):
- Date
- Thread