Re: shim4 bar BoF in Dublin?
On 4 jul 2008, at 9:46, Iljitsch van Beijnum wrote:
> This is NOT an effort to start any actual work, but just to see if
> this makes any kind of sense or if it's completely insane: anyone
> interested in discussing the possibilities for shim4 in the form of
> a bar BoF in Dublin?
These are my preliminary ideas:
- It has to work through NAT. We don't have enough IPv4 addresses to
give every host one, let alone multiple
- So the normal communication happens normally, shim6 signaling and
data use the shim header encapsulated in UDP.
- Hosts use a STUN server to discover an external address / port pair
that they can receive incoming packets on for each link to the
internet that they have.
- Hosts make a list of external address / port pairs and create a hash
chain that includes this list.
- Upon shim6 context establishment, the first hash and the address /
port list are exchanged.
- When the normal communication stops, hosts contact each other using
UDP/shim encapsulated packets on the alternative addresses and use the
hash chains to authenticate.
This is of course less secure than shim6 but if we require that only
sessions set up in the same direction can be rehomed to another
address and that we must be (reasonably) sure the communication on the
primary path is no longer working, this isn't entirely trivial to break.
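
The hash-chain step sketched in the message above, as an added example that is not part of the original e-mail and not shim6 code. The message names no hash function or encoding, so SHA-256, the locator encoding, the chain construction (each link hashes the previous value together with the address / port list) and all names here are assumptions.

```python
import hashlib
import hmac

def encode_locators(locators):
    # Canonical encoding of the (address, port) list; this format is an assumption.
    return b"".join(f"{addr}:{port};".encode() for addr, port in locators)

def build_chain(seed, locators, length):
    # h_0 = H(seed || list), h_i = H(h_{i-1} || list); the last value is the anchor.
    loc = encode_locators(locators)
    chain = [hashlib.sha256(seed + loc).digest()]
    for _ in range(length):
        chain.append(hashlib.sha256(chain[-1] + loc).digest())
    return chain

class PeerState:
    # What the remote host stores at context establishment: anchor plus list.
    def __init__(self, anchor, locators):
        self.anchor = anchor
        self.locators = list(locators)

    def accept_rehome(self, revealed, source):
        # Source must be one of the locators announced at establishment.
        if source not in self.locators:
            return False
        # The revealed value must hash, together with the stored list, to the anchor.
        loc = encode_locators(self.locators)
        expected = hashlib.sha256(revealed + loc).digest()
        if not hmac.compare_digest(expected, self.anchor):
            return False
        self.anchor = revealed  # a spent value cannot be replayed
        return True

def demo():
    # Constructed sample data: documentation-range addresses, fixed seed
    # (a real host would draw the seed from a CSPRNG).
    locators = [("192.0.2.10", 40001), ("198.51.100.7", 40002)]
    chain = build_chain(b"constructed-seed", locators, 3)
    peer = PeerState(chain[-1], locators)
    return [
        peer.accept_rehome(chain[-2], locators[1]),         # valid preimage
        peer.accept_rehome(chain[-2], locators[1]),         # replay of spent value
        peer.accept_rehome(chain[-3], ("203.0.113.9", 1)),  # unlisted source
        peer.accept_rehome(chain[-3], locators[0]),         # next value in chain
    ]

if __name__ == "__main__":
    print(demo())
```

Because the list is hashed into every link, a peer that stored a different list at establishment rejects every later reveal, and each accepted value moves the anchor one step so it cannot be reused.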