Excerpts from Olivier Bonaventure on Wed, Jan 21, 2009 09:52:12PM +0100:
> > I think the work on EID allocation guidelines for RIRs is premature at
> > this stage.
>
> I proposed this work item because I think that we need to integrate the
> EID and RLOC allocation mechanisms in the development of the protocol
> itself. I don't think that "doing as we've always done with IP
> addresses" is the best solution.

Olivier: I certainly hope I misunderstand you. Choosing a particular forwarding or mapping protocol shouldn't lock us into a particular allocation mechanism. <shudder>

> For example, I consider that mapping systems must be secured from day
> one. This will probably require the utilisation of certificates (e.g.
> similar to the X509 certificates discussed within the SIDR WG) to bind
> EID blocks to owners. These certificates could then be used to secure
> the mapping replies.
>
> The "EID allocation guidelines" that I mentioned are more related to
> this security issue than to the size of the blocks to be allocated and
> other issues.

OK now I understand a little better. I would not want to build an assumption about a particular security mechanism into the protocol, even if it did allow us to optimize it a lot. We can optimize ourselves into an evolutionary dead end. Consider MD5. It's better to have at least one mechanism that works satisfactorily and can be replaced by a better mechanism in the future.

Scott
