Re: flow label demultiplexing
On Mon, 18 Apr 2005, marcelo bagnulo braun wrote:
> > First, one specific comment:
> > > An added limitation imposed by this approach is that all the
> > > potential source and destination locators have to be known beforehand
> > > by the receiver in order to be recognized.
> > ==> I don't understand why this is a limitation in practice (though it may
> > be an architectural limitation). Isn't the assumption that all the
> > potential locators must be exchanged somehow before the network
> > connectivity failure, otherwise the shim6 solution might not be able to
> > switch to working locators? Otherwise the rehoming could not be secured...
> Well, if you are using CGA security, you could use the new locator (as source
> address) without prior information to the peer. This could be useful in
> *some* scenarios (let's not mention the word for now :-)
> CGA based security does not need prior exchange of locators, right?
Sorry, I don't quite follow. Based on my reading of the HBA spec (I
was more confused when I read the new version, because I had thought
it worked differently):
Is it true that you can use CGA or HBA addresses for connection
survivability only after you have used the shim6 protocol to pass the
Parameter Data Structure, right? Otherwise I'm not sure how the host
could verify the HBA address (i.e., how is step 1 of Section 5
Note that HBA+CGA in one doesn't help (AFAICS) because otherwise you'd
be trusting anyone you have a public key with to not hijack any of
Or were you talking about the case where the host obtained a new
source locator and wants to start using it immediately, and send the
first packet using shim6 protocol (also using the new locator as
source), i.e., "piggybacking"? That would likely need more than just
a flow label in any case, so I don't see how that would apply.
Pekka Savola
Netcore Oy
Systems. Networks. Security.

"You each name yourselves king, yet the kingdom bleeds."
-- George R.R. Martin: A Clash of Kings
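The draft sentence quoted at the top of this thread (all potential locators must be known beforehand by the receiver) and Pekka's question about how a host could verify an HBA address without first receiving the Parameter Data Structure both come down to what is hashed into an HBA interface identifier. The following is an added toy model written for this archive page; it is not code from the HBA spec, from shim6, or from either poster. It follows the CGA Hash1 construction of RFC 3972 (SHA-1 over modifier, prefix, collision count, public key and extension fields, truncated to 64 bits) with the HBA multi-prefix extension carrying the whole prefix set, and it makes simplifying assumptions that are this example's own: sec = 0 so the Hash2 work-factor check is vacuous, the u/g and sec bits of the interface identifier are not set, the public key is an opaque byte string, and prefixes are fixed-length /64s. The CGA-signature path Marcelo refers to (a new locator justified by a signature from the ULID's key rather than by set membership) is deliberately not modelled.

```python
import hashlib
import os
from dataclasses import dataclass
from typing import Dict, Iterable, Optional, Tuple

# Toy HBA model (added example, not spec code). Interface ID = first 64 bits of
#   SHA-1(modifier | prefix | collision_count | public_key | extension)
# where `extension` is the HBA multi-prefix extension: the complete, sorted
# prefix set. Assumptions: sec = 0, no u/g or sec bits set, opaque public key.

PREFIX_LEN = 8   # bytes of a /64 prefix
IID_LEN = 8      # bytes of a 64-bit interface identifier


@dataclass(frozen=True)
class ParameterDataStructure:
    """Stand-in for the CGA/HBA Parameter Data Structure shim6 would exchange."""
    modifier: bytes                  # 16 random bytes picked by the generator
    collision_count: int             # 0..2 in the spec
    public_key: bytes                # DER-encoded key in the spec; opaque here
    prefix_set: Tuple[bytes, ...]    # HBA multi-prefix extension, sorted


def hash1(prefix: bytes, pds: ParameterDataStructure) -> bytes:
    """CGA Hash1 step with the HBA prefix-set extension appended."""
    if len(prefix) != PREFIX_LEN:
        raise ValueError("prefix must be 64 bits")
    ext = b"".join(pds.prefix_set)
    digest = hashlib.sha1(
        pds.modifier + prefix + bytes([pds.collision_count]) + pds.public_key + ext
    ).digest()
    return digest[:IID_LEN]


def generate_hba_set(prefixes: Iterable[bytes], public_key: bytes,
                     modifier: Optional[bytes] = None
                     ) -> Tuple[ParameterDataStructure, Dict[bytes, bytes]]:
    """Generator side: one PDS, one address per prefix, every address bound to the whole set."""
    pds = ParameterDataStructure(
        modifier=modifier if modifier is not None else os.urandom(16),
        collision_count=0,
        public_key=public_key,
        prefix_set=tuple(sorted(prefixes)),
    )
    addresses = {p: p + hash1(p, pds) for p in pds.prefix_set}
    return pds, addresses


def verify_hba_locator(ulid: bytes, locator: bytes,
                       pds: ParameterDataStructure) -> bool:
    """Receiver side: may `locator` stand in for `ulid` under the PDS received earlier?

    Both addresses must recompute under the same PDS. Without the PDS there is
    nothing to recompute, and a prefix absent from the set fails even for the
    legitimate owner: HBA binds the set, so new prefixes need a regenerated set.
    """
    for addr in (ulid, locator):
        prefix, iid = addr[:PREFIX_LEN], addr[PREFIX_LEN:]
        if prefix not in pds.prefix_set:
            return False
        if iid != hash1(prefix, pds):
            return False
    return True


def demo() -> Tuple[bool, bool, bool]:
    """Returns (legit_rehome_ok, forged_prefix_rejected, late_prefix_rejected)."""
    key = b"\x30\x82" + os.urandom(62)          # opaque stand-in for a DER key
    p1 = bytes.fromhex("20010db800010000")       # constructed documentation prefixes
    p2 = bytes.fromhex("20010db800020000")
    p_new = bytes.fromhex("20010db800030000")    # never part of the exchanged set
    pds, addrs = generate_hba_set([p1, p2], key)
    ulid = addrs[p1]

    legit = verify_hba_locator(ulid, addrs[p2], pds)
    # Attacker reuses the ULID's interface ID under a prefix it controls.
    forged = p_new + ulid[PREFIX_LEN:]
    forged_rejected = not verify_hba_locator(ulid, forged, pds)
    # Even the owner cannot add p_new later: it is not in the bound set.
    late = p_new + hash1(p_new, pds)
    late_rejected = not verify_hba_locator(ulid, late, pds)
    return legit, forged_rejected, late_rejected


if __name__ == "__main__":
    print(demo())
```

The `late` case is the architectural limitation the draft text describes: adding a prefix changes the extension, hence every interface identifier in the set, so the generator must regenerate and re-send the PDS rather than announce one new locator. The `verify_hba_locator` check also shows why the receiver needs the PDS first; it cannot be derived from the address alone.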