
Re: shim4 bar BoF in Dublin?



On 4 jul 2008, at 9:46, Iljitsch van Beijnum wrote:

This is NOT an effort to start any actual work, but just to see if this makes any kind of sense or if it's completely insane: anyone interested in discussing the possibilities for shim4 in the form of a bar BoF in Dublin?

These are my preliminary ideas:

- It has to work through NAT. We don't have enough IPv4 addresses to give every host one, let alone multiple

- So the normal communication happens normally, shim6 signaling and data use the shim header encapsulated in UDP.

- Hosts use a STUN server to discover an external address / port pair that they can receive incoming packets on for each link to the internet that they have.

- Hosts make a list of external address / port pairs and create a hash chain that includes this list.

- Upon shim6 context establishment, the first hash and the address / port list are exchanged.

- When the normal communication stops, hosts contact each other using udp/shim encapsulated packets on the alternative addresses and use the hash chains to authenticate.

This is of course less secure than shim6 but if we require that only sessions set up in the same direction can be rehomed to another address and that we must be (reasonably) sure the communication on the primary path is no longer working, this isn't entirely trivial to break.