On Tue, 2003-01-28 at 22:13, Pekka Savola wrote:
> > Not necessarily. The <anycast,unicast> binding could be stored in the
> > binding cache as in MIPv6 and TCP could continue using the anycast
> > address.
>
> That would require anycast be used as source address, or home address
> option, right? (Plus some modifications in clients etc.)
And routing header the other way, of course. I don't think using an
anycast address as source address would actually be a problem, since it
can't be exploited for DDOS purposes. Might even have some legitimate
uses with UDP.
> This really should need a bit fleshening up, in a short I-D.
Nudge, nudge.
> Assuming sufficient ISN randomness,
>
> and timing requirements
>
> > perhaps this is not a
> > problem.
>
> I agree but I think the total security level is not _all_ that different.
Probably so. Requiring that the prefixes of the anycast and unicast
addresses match would provide some additional confidence (assuming the
prefix length were known to the client).
> > Which is why existing mechanisms (e.g. MIPv6) should be reused rather
> > than inventing new ones.
>
> I'd like to see a roadmap for these. :-)
Heh, well. It IS finally in last call... Probably get it sooner than
dragging any TCP changes through tsvwg, anyway. :-)
MikaL
--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------