[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: how mobile do we want to be
On 22-mrt-05, at 14:05, Dave Crocker wrote:
It's you and Avri who keep harping about mobility without addressing
the technical issues that I or others bring up in response.
There is no evidence that layer 3 mobility
is even useful or necessary,
that's not a technical claim.
I never claimed that all my claims are technical.
and the original discussions, a year or so
ago, had clear examples of interest, with mobile phones switcing
between
cell phone linkage and 802.11 linkage being one of the more
interesting.
You have to drill a bit deeper as mobile phones aren't an application
so it's impossible to determine whether they need layer 4 stability on
top of layer 3 mobility.
No, but it does need a home address, so you don't get multihoming
with
existing mobility. If you want multihoming AND mobility you need
strong
crypto to authenticate adding addresses to existing sessions.
1. the 'home address' model is needed in some mobility cases, but not
others. To assert that one is always needed is to presume details
about the
problem and solution space that haven't been stated.
Let me repeat some text from my first message to this list:
Please don't forget: adding a new address in the middle of a session is
a security nightmare. The only way this can be done reasonably is with
the help of strong crypto (magic PKI dust) or a home agent that is
impervious to on-path nastiness such as sniffing and MitM. Obviously,
for a good number of applications strong crypto isn't a problem as they
already use it today. But mandating strong crypto for *everything* is
very problematic for reasons of performance, configuration and
robustness. (Let the person who never clicked "accept" on an SSL
warning cast the first stone here.)
2. strong crypto is the typical choice for any mechanism that changes
addresses within a transport association.
Not sure I understand what you're talking about.
Are you saying that we need strong crypto and I should get over it?
Multihomed, mobile, simple: pick any two.
clever, but without foundation and certainly not a 'technical issue'.
Let's for a moment assume that all we need for mobility is a mechanism
to add new addresses to existing sessions. Can you tell me what kind of
architecture would allow this to happen in a way that is secure enough
that it isn't the weakest link in a mobile session over IPsec, but also
allows for autoconfiguration and doesn't increase computational
requirements significantly over the current situation?
We now have the situation that a group of people wants to do X.
Another
group of people wants to do X+Y. Does this mean the first group is
now
obiligated to do (X+Y), even though (X+Y) is much harder to solve
than
(X)+(Y)?
given the trauma caused by a shim-like change to the architecture and
given
the very poor history of getting these sorts of changes adopted by the
Internet user community, the answer ought to be yes.
I can go along with that for a bit, because I wish I could have been
there when MIPv6 started and have told them that they were going down
the wrong path and should have included multihoming support.
The trouble is that the type of input you're providing right now comes
at the wrong time. Despite the fact that it's a BOF the shim effort is
well underway, and starting from scratch would be a HUGE waste of time,
without any reason to believe that a new effort would result in
anything better, whatever "better" happens to be. The shim approach has
enormous potential for synergy with lots of other stuff, so I'm sure
that we're going to revist lots of issues somewhere down the line.
There is also a lot of good oldfashioned engineering to do (protocol
messages, failure detection, path selection, ingress filtering, the
list goes on). Experience so far has shown that these areas can impose
unforseen restrictions, so it's very important to get them out of the
way before widening the scope.