On Sat, 16 Aug 2003, jfcm wrote:
At 20:17 16/08/03, Alex Rousskov wrote:
If Hillarie is not convinced, we are stuck.
I do not think so. If we take back the thinking we have;
1. IAB says each processor MUST be addressable
2. we say each OPES processor belongs to a domain
3. the owner of the domain may not want each of its OPES processors to be
disclosed.
1. It seems that we can say that each OPES processor in an OPES
system MUST be addressable through its OPES domain sub-address,
however povided his OPES domain address is tracable; a domain owner
MAY opacfied the sub-address of his processors.
2. in the security part it can be underlined that the OPES domain
owners should be adviszed not to disclose the domain adress of their
processors or to provide coded addresses suitable for trouble
shouting but not for access.
First of all, you are mixing two distinct properties: IP-level
addressability by end user (IAB consideration 2.2) and OPES processor
identification in the trace for end user (IAB consideration 3.2). The
opaque IDs will not make internal OPES processors addressable at IP
level. Nothing short of OPES-specific VPNs will -- the whole point of
an internal host is that it is not IP-addressable from the outside!
If we concentrate on processor identification alone, then I agree with
your approach as long as "opacification" (making opaque) of OPES IDs
includes removing them completely. There is absolutely no reason for
us to tell content provider how to identify their internal systems. In
a simple case, for example, there will be a single path through the
OPES system and no individual processor identification will be
necessary.
Combining the two observations above, we can see that we should
concentrate on specifying OPES system IDs and may ignore all other IDs
until we have spare cycles to waste.
Alex.