
Re: NATs *ARE* evil!

2000-12-19 13:00:02
Steve Bellovin, on IPSEC, not-AH:

| [A] host's identity is represented by its certificate (I'm speaking a bit 
| loosely here); its IP address is merely the way that packets reach it.  

This is an example of two separate namespaces that allow one
to distinguish between "who" and "where".   That the network
layer can be rewritten to the point of total protocol substitution
without interfering with the identification of who sent it
is a feature, adding enormous flexibility into the development
of network features.

agreed, *provided* there is a fast and reliable service for mapping
between one kind of identity and another.  arguments of the form
"separate identities are better" tend to gloss over the difficulty
of providing an adequate mapping service.

(Hint: DNS is neither sufficiently fast nor sufficiently reliable)

the other problem with separating the layers is that the ability to
drill down through layers is essential for diagnostic purposes, 
for tracking down miscreants, and to allow prototyping new kinds 
of services that need to operate with knowledge of layer 3.  So 
we will always have a need for some kinds of "applications" to 
operate with knowledge of network addresses.   

Keith


