
Re: stable vs address-derived v6 prefix [Re: v6 deployment in general [Re: tunnel broker deployment [RE: Tunneling scenarios and mechanisms evaluation]]]



On Fri, 19 Mar 2004, Erik Nordmark wrote:
> > But MIPv4 has assumptions which I do not agree with.  It assumes you 
> > have an authenticated association with the Home Agent.  Here, the 
> > respective element is the tunnel server.
> > 
> > I do not want to require such authenticated association -- which is 
> > required if you want to have a stable v6 prefix which is independent 
> > of v4 address [/port].  I think this is a useful additional mechanism 
> > which can be used when authentication is available, but when it isn't 
> > -- there is no use requiring it!
> 
> You appear to be looking for a free lunch.
> Sufficiently secure, operationally robust, direct paths, and no
> need to "register".
> That is an overconstrained problem IMHO.

That certainly is; but I do not want to solve "direct paths" in 
this kind of "tunnel server" solution -- and then I do not think the 
problem space is over-constrained.

As a matter of fact, Alain Durand reminded us that the "stable prefix"
scenario introduces stricter security requirements in a sense -- as
noted in your multi6 security presentation on 3rd party bombing.
You'll basically have to do (at least) return routability when you're
doing any actions associated with the v6 prefix.  If you tie the v6
prefix to the address/port you use, there is no need for that.

> I personally prefer "sufficiently secure" over the "no need to register"
> given the world we live in today.
> And lots of people seem to think it is ok to register to get
> a free email account at yahoo, hotmail, etc.
> Why do we think asking them to do the same thing to enable the cool
> applications running on IPv6 is out of the question?

I think it is important to enable a process where this could be done
transparently -- and easily enough.  Whether they would still want to
do authentication is a separate issue.

Many (most?) people don't know how to subscribe to a free email support
(much less find one -- which is another difficult problem!), but we
want to enable IPv6 at their desks as well :).

> > I think the critical point here is whether we require this
> > registration protocol / user authentication in the mechanism, or
> > whether it's an optional step.  IMHO, we must not require that.
> 
> I actually think it is a mistake to define mechanisms that are *not
> capable* of doing registration with the same type of "traceability" that
> is done to sign up for a free email account.

This type of traceability is available from the tunnel server logs, 
similar to traceability of someone sending emails off such an account 
(many of which do not show the IP address of the sender).

-- 
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
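As an added illustration of the two designs argued over in the message above (example code, not from the thread or from any tunnel broker implementation): the first half models an address-derived prefix, where the tunnel server can accept a decapsulated packet with a pure function of the outer v4 address and port; the second half models a stable prefix, where the server must run a return-routability round trip before (re)binding the prefix so that it cannot be pointed at a third party. The prefix layout (2001:db8::/32 plus embedded v4 address and port giving a /80) is a constructed assumption, not one the thread specifies.

```python
import ipaddress
import secrets

# Constructed layout (an assumption, not something the thread defines): the
# tunnel server owns 2001:db8::/32 and derives each client's /80 from the
# IPv4 address (32 bits) and UDP port (16 bits) the tunnel packets arrive from.
SERVER_PREFIX = ipaddress.IPv6Network("2001:db8::/32")


def derived_prefix(v4: str, port: int) -> ipaddress.IPv6Network:
    """Address-derived prefix: the v6 prefix is a function of the v4 endpoint."""
    base = int(SERVER_PREFIX.network_address)
    v4_bits = int(ipaddress.IPv4Address(v4)) << 64   # occupies v6 bits 32..63
    port_bits = port << 48                            # occupies v6 bits 64..79
    return ipaddress.IPv6Network((base | v4_bits | port_bits, 80))


def accept_derived(outer_v4: str, outer_port: int, inner_src: str) -> bool:
    """Decapsulation check: the inner v6 source must lie inside the prefix the
    outer v4 endpoint maps to. No registration is needed, and a spoofed inner
    source cannot redirect replies to a third party, because replies go to the
    v4 endpoint that the prefix itself encodes."""
    return ipaddress.IPv6Address(inner_src) in derived_prefix(outer_v4, outer_port)


class StablePrefixBinder:
    """Stable prefix: the v6 prefix is independent of the v4 endpoint, so the
    server must confirm that the claimed endpoint really wants the traffic
    (return routability) before binding the prefix to it; otherwise a claimant
    could point a prefix at a victim and have the server flood that victim."""

    def __init__(self) -> None:
        self.pending = {}    # (prefix, v4, port) -> nonce sent to that endpoint
        self.bindings = {}   # prefix -> (v4, port), only after proof of receipt

    def request(self, prefix: ipaddress.IPv6Network, v4: str, port: int) -> str:
        # The nonce is delivered only to the claimed v4 endpoint; a host that
        # does not actually receive there cannot echo it back.
        nonce = secrets.token_hex(16)
        self.pending[(prefix, v4, port)] = nonce
        return nonce

    def confirm(self, prefix, v4: str, port: int, echoed: str) -> bool:
        expected = self.pending.pop((prefix, v4, port), None)
        if expected is None or not secrets.compare_digest(expected, echoed):
            return False  # never bind on an unproven claim
        self.bindings[prefix] = (v4, port)
        return True
```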