[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: addition of TLV to locator ID or locator ID set
On Thu, 29 Sep 2005, Erik Nordmark wrote:
How does the host get an IPv6 address assigned that has the right
low-order bits so that the HBA stuff on the remote shim/proxy can
prove (using HBA) to the peer that it owns the IPv6 address hence
is allowed to redirect it?
I don't know. I'm not terribly familiar with HBA. Marcelo seems to
think it's possible.
BTW, one question, is HBA a requirement for shim6?
Other possibilities include simply securing the side-band shim6
protocol (using, eg, anonymous IPSec) and disallowing any
locator<->ULID (do i have the jargon correct?) state changes to occur
other than through the secured side-band.
Then you wouldn't need to try stuff security state into an address.
destination locators to be changed). Thus if the shim proxy wants
to handle this, it needs to first do a 1:1 IPv6 NAT where the proxy
has created the HBA/CGA addresses for the host.
It'd have to be a 1:1 NAT yes.
One could envision having DHCPv6 be shim aware so that when the
hosts asks DHCP for an address, the DHCP server would interact with
the shim proxy so that the addresses are from a HBA or CGA set. In
that case one wouldn't need the 1:1 IPv6 NAT in the shim proxy.
Hmm, possible I guess.
Paul Jakma firstname.lastname@example.org email@example.com Key ID: 64A2FF6A
A lawyer with a roving commission.
-- Ambrose Bierce, "The Devil's Dictionary"