Folks, I am getting tired in trying to argue for splitting the IPv6 address space into two subsets, and for perhaps reserving "a bit" in the IID, for the purpose of providing footing for work on security MIPv6 and ND, and perhaps also securing other signalling functions.
To me, the problems with end-host mobility and end-host multihoming are just two faces of a more generic problem, the end-point naming problem. In that arena I am very much in favour of Noel Chiappa's thinking. I think that we need a new end-point name space, and we even have a decent candidate for that: HIP. From that point of view, Mobile IPv6 and CGA are just stepping stones towards the direction that I personally believe that we will head sooner or later anyway. I think that CGA and ABK are great ideas that could make the current architecture quite a bit more secure before doing the big transition into separate end-point name space. What comes to ND, securing ND is a hard matter as long as the hosts do not have cryptographic end-point identities. Once they do, the problem is *much* simpler to solve. CGA and ABK seem to help in this area quite much by providing a means to still use addresses as primary end-point identifiers, and to convert the addresses into public keys. If we take the other approach of using public keys as primary end-point identifiers, we do not any more have that problem. Or at least the problem is different. Thus, with these observations and expressions of my personal beliefs, I hereby withdraw back to my humble researcher chamber, and don't bother your standardization work with too radical issues. Yours sincerely, --Pekka Nikander A poor researcher exhausted in the mill -------------------------------------------------------------------- IETF IPng Working Group Mailing List IPng Home Page: http://playground.sun.com/ipng FTP archive: ftp://playground.sun.com/pub/ipng Direct all administrative requests to [EMAIL PROTECTED] --------------------------------------------------------------------
