Re: proxy shim with hash in upper address bits?

[marcelo bagnulo braun <marcelo@it.uc3m.es>]

El 11/07/2007, a las 12:45, Iljitsch van Beijnum escribió:

> [catching up]
>
> After reading Marcelo's draft about a proxy implementation of shim6  
> a while ago I was somewhat disheartened: this is extremely hard to  
> do, mostly because an unsuspecting host would need to receive an  
> HBA-compatible address.

why do you think so?... you can deal with this doing dhcp delegation  
of the HBAs/CGAs? (you would be breaking stateless address autoconf,  
but i guess the same would happen if you need a reasonable amount of  
bits in the prefix to carry crypto information...)

> I know we had discussions in the past about putting crypto bits in  
> the _upper_ rather than the _lower_ bits of an address, which would  
> solve this problem very nicely. That would (of course) be  
> incompatible with the idea that shim6 identifiers are also PA  
> routable locators, but that's actually an advantage: by doing this  
> we'd be creating an identifier space for shim6 that's distinct from  
> regular routable address space and also from all forms of ULA.

Yes, creating a crypto prefix for the identifier namespace would bean  
option for dealing with this, but i guess it would break SAA

regards, marcelo

> The only problem that I see is that under the normal regime (/48  
> per site), the number of hash bits would be very limited. The only  
> way to solve that would be to annex most of the subnet bits, so we  
> can have 52 - 56 hash bits.
>
> Thoughts?