Hosting Provided By

Re: [Hipsec-rg] RE: feedback from draft-hip-applications-02

From: Pekka Nikander <pekka.nikander(at)nomadiclab.com>
Date: Thu Mar 02 2006 - 23:39:00 EST

Miika,

Thanks for your thoughtful comments!

>> The term LSI is not described in ESP or BEET drafts, yet we found

This double-binding should not be allowed. If there are two apps, the second binding attempt should fail with EISCONN or a similar error. If there is only one app, then the situation is slightly trickier since there exist legacy server apps that want to separately bind IPv4 and IPv6 socks for the same server port. In that case I would advice for a hack that allows the double binding but directs all incoming connections to the IPv6 sock.

>> The LSI and HIT point to the same public key. In this case, the

I think the rule above should be sufficient to disambiguate the situation.

>> There are two choices to overcome the first problem. Either you

Do you need help?
In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related honor.cybertrust.com Links hipsec-rg Request more information about Pantek

As I argued above, both of these might be OK, depending of the situation.

>> Jan convinced me that the latter alternative sounds better, just

See above.

>> The second problem with use LSIs is that the underlying

I agree with Tom. This is a no-issue.

>> The third problem is about referrals, a topic which you slightly

As argued in draft-laganier-ipv6-khi-01.txt, the plan is to eventually make HITs "routable", or at least universally mappable to locators. This is a topic of active research, as you know.

>> As a consequence, it seems like opportunistic HIP is perhaps the

Do you need more help?
In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related honor.cybertrust.com Links hipsec-rg Request more information about Pantek

I agree with Tom.

> Anyway, I think that we discuss this issue sufficiently without

I don't think we really can make a recommendation; what is best depends on so many aspects. If you would like to propose qualitative or quantitative text on the trade-offs, that would be excellent.

>> Passing an IP address as a referral can be made also mobility

There seems to be some lurking issues w.r.t. RVSses, legacy, opportunistic HIP etc.

Please propose text.

--Pekka

Hipsec-rg mailing list
Hipsec-rg@honor.cybertrust.com
http://honor.cybertrust.com/mailman/listinfo/hipsec-rg Received on Thu Mar 2 23:39:48 2006

This message: [ Message body ]
Next message: raul rodriguez: "[Hipsec-rg] One question"
In reply to Henderson, Thomas R: "[Hipsec-rg] RE: feedback from draft-hip-applications-02"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 12:42:50 EDT

Can we help you?
In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related honor.cybertrust.com Links hipsec-rg Request more information about Pantek