ietf

RE: Solving the right problems ...

2003-08-27 10:24:50
-----BEGIN PGP SIGNED MESSAGE-----

Tony Hain [mailto:alh-ietf(_at_)tndh(_dot_)net] wrote:

[?Does this need to keep going to both ietf(_at_)ietf(_dot_)org & 
ipng(_at_)sunroof?]

> Jeroen Massar wrote:
>> ... As far as it stands I think that HIP 
>> is going the best way there is. LIN6 is flawed as it won't 
>> scale and can't be deployed easily. Next to those I got my 
>> own odd idea and I will probably work it out and implement it 
>> as a proof of concept. Though timing on when and how may be 
>> completely unknown.
>
> What I was trying to point out is that HIP/etc. is only part of the
> solution. What an identity protocol needs is a point in the 
> stack which is being identified. We can try to stuff it into each
> of the transport protocols, but we will have to do that over for
> each, and there would need to be complex api options if apps
> wanted to avoid the identity / topology mapping. It will be 
> much simpler to leave the existing api path for the apps
> that want that service, and provide a layer above transport 
> to manage the mappings.

My current idea puts it at the resolver level. The application
gets the 128bits identifier, which actually is an IPv6 address,
either given out from a special registry or simply from an
/48 that is already assigned to you. This address can be used
for both routing and identification purposes and can easily
be assigned to hosts by using RA.

The stack/API then maintains a list of routing IPs that
are associated by that "IdentifierIP" and then replaces it
before it enters the network with the routing IP that is
to be used for actually routing the packet. On initial
communication there could be an extra header sent along
which says "this packet originates from this Identifier IP"
along with a signature, verifiable through e.g. DNS to check
it is really it. HIP is much further there though.

This way apps don't need to know about it, they only need
to know about IPv6. One could also pass this along to IPv4
except then it needs an extra magic packet for the IDIP.
See HIP again. And I am thinking about using the above for
solving a little problem for dynamic hosts in the SixXS project.

Greets,
 Jeroen

-----BEGIN PGP SIGNATURE-----
Version: Unfix PGP for Outlook Alpha 13 Int.
Comment: Jeroen Massar / jeroen(_at_)unfix(_dot_)org / http://unfix.org/~jeroen/

iQA/AwUBP0znSSmqKFIzPnwjEQJiqACfem9Xk2LFRgFNM/wb67MXSmO4UEUAoJla
C7Xsb0R5XDzB2qC900ki1SUx
=I6ut
-----END PGP SIGNATURE-----
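
The identifier-to-routing-address mapping described in the message above, as an added example that is not part of the original post and is not Jeroen Massar's or SixXS code. The class and function names, the `DNS_KEYS` table and the HMAC check are assumptions: the post names no signature scheme, so HMAC stands in for a public-key signature whose key would be fetched through DNS.

```python
import hashlib
import hmac
import ipaddress

# Constructed stand-in for "key published in DNS for this identifier".
# HMAC is used only so the sketch runs on the standard library; a real
# deployment needs a public-key signature, since a DNS record is public.
DNS_KEYS = {ipaddress.IPv6Address("2001:db8:aaaa::1"): b"constructed-demo-key"}

def sign(key, identifier, locator):
    """Proof covers identifier AND routing address, so it cannot be replayed for another locator."""
    msg = ipaddress.IPv6Address(identifier).packed + ipaddress.IPv6Address(locator).packed
    return hmac.new(key, msg, hashlib.sha256).digest()

def verify_via_dns(identifier, locator, proof):
    key = DNS_KEYS.get(identifier)
    if key is None:          # nothing published for this identifier: reject
        return False
    return hmac.compare_digest(sign(key, identifier, locator), proof)

class IdentifierMap:
    """Per-host table: identifier IPv6 address -> list of routing addresses."""

    def __init__(self, verify_binding):
        self._locators = {}
        self._verify = verify_binding

    def learn(self, identifier, locator, proof):
        """Install a binding from the initial-packet header only if the proof verifies."""
        ident = ipaddress.IPv6Address(identifier)
        loc = ipaddress.IPv6Address(locator)
        if not self._verify(ident, loc, proof):
            return False
        locs = self._locators.setdefault(ident, [])
        if loc not in locs:
            locs.append(loc)
        return True

    def outbound(self, dst_identifier):
        """Swap the identifier the application used for the address put on the wire."""
        ident = ipaddress.IPv6Address(dst_identifier)
        locs = self._locators.get(ident)
        return locs[0] if locs else ident   # identifier is itself routable

    def inbound(self, src_locator):
        """Map a wire source address back to the identifier the application sees."""
        src = ipaddress.IPv6Address(src_locator)
        for ident, locs in self._locators.items():
            if src in locs:
                return ident
        return src   # no verified binding: never attribute it to an identifier
```

The point to notice is that `inbound` only ever returns an identifier for a routing address that passed `learn`, so an unverified sender cannot have its traffic attributed to someone else's identifier.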



