I read the document and came to rather different conclusions (see below):

On 7/9/2012 4:41 PM, Tina TSOU wrote:
> I reviewed this draft and I found it very detailed about the various
> ways of including a HOST ID. Considering the number of users that share
> the same IPv4 address, there is an increasing importance of the HOST ID.
> Though it is discussed in the introduction about the various
> implications of not having HOST IDs, in my opinion, there should be a
> little more explanation of the problems faced if there is no HOST ID
> included. Moreover, the main concern is security issue. It is very
> difficult to identify a particular user, when there are a number of
> users with different private IP addresses sharing the same public address.

I agree with you that if the document is pursued, it should include more discussion of what the problems are with not having a host ID; the current text seems like handwaving to me. I don't personally think it is very well motivated, and from my standpoint there is absolutely no reason to pursue a solution. It would be enough to simply have the analysis documented as to why all of the considered approaches COMPLETELY STINK.

But aside from that, I disagree with you on the purpose of whatever is being attempted here. The document is about identifying hosts, and you mention "users". These are not the same thing. Which do you want to identify? In my opinion, anything related to users (and not hosts) should be completely out of scope.

Further, I think the problem has to perhaps be refined to disambiguating between different hosts using the same IP address versus trying to semi-uniquely identify the hosts. The problems described are due to aliasing, and unique identification is a rather strong means of de-aliasing.

> The TCP option is another good way to include the HOST ID in case of TCP
> and UDP communications.

Surely there's a typo there, since it does not work at all in the case of UDP.

I disagree with the overall recommendation of the document, since it presumes that a solution is required, among other flaws with it. Additionally, it is not particularly clear how this can work for multiple layers of sharing (e.g. CGN), though draft-abdo seems to think that CGN is a single layer of sharing.

--
Wes Eddy
MTI Systems

Int-area mailing list
Int-area@ietf.org
https://www.ietf.org/mailman/listinfo/int-area