On Mon, 2003-09-29 at 09:34, Brian E Carpenter wrote: > Steven Blake wrote:
> > 2. I don't find the argument for a single allocation authority > > compelling. It is still possible for a single authority (i.e., > > IANA) to delegate blocks of the global ID space to multiple > > registries. The naive way would be to delegate lists of random > > numbers generated by IANA. A more elegant way would be to delegate > > ranges in the sequence space of a non-repeating PRNG (e.g., maximal > > period 40-bit LFSR). Note that the requirement (1) above precludes > > this latter method. > > Yes but why bother ? There is no geographical aspect here, so why set up > more than one registry? Well, the main reason is to prevent one registry from ripping people off at 10 euros a piece. > > 3. I don't believe it is essential to have alternative registration > > methods besides web and e-mail. Anyone can establish a new network > > using only PA addresses (and locally assigned local IDs if > > necessary) before acquiring a "centrally assigned" local ID. One > > could also ask a friend with connectivity, or go to a local library. > > Requiring non-automated means of registration significantly drives > > up the allocation cost. > > I would agree, but how does someone in the middle of a developing country > with no connected friends and no such thing as a library do it? How do they come up with 10 euros to spend on a random number? The simplest thing to do is use a locally assigned local ID until they get a PA allocation, and then go get their "centrally assigned" local ID. > > 4. I don't believe that it is necessary for the allocation registry to > > escrow each allocation; I think it is sufficient for the allocation > > recipient to do so. In a dispute one can prove that he or she owns > > an allocation by producing a non-repudiatable (e.g., signed) message > > from a registry. The registries would only have to escrow their > > public keys. > > Yes, I think that is better. > > > > > 5. I don't believe that the 10 euro fee is appropriate. I suspect that > > the cost to collect the money is substantially higher than the > > cost to manage the registry infrastructure, especially if the > > requirements are relaxed sufficiently such that the process can be > > fully automated. Although I'm not volunteering to foot the costs > > of a registry myself, I suspect sponsors could be found to operate > > them. > > The fee is the abuse-prevention mechanism. We know from other examples that > automated registries can and do operate at that level of fee. And in the > conditions of the early 21st century, no, I don't think it's trivial to > find sponsorship. If the registration page requires some manual action by the registree then that should be effective to prevent widespread abuse. The typical approach is to imbed a string in some graphic and require the user to type in the string. > > 6. I believe a centralized registry is more susceptible to a DoS > > attack. > > That's true. But if each probe of the attack takes 10 Euros out of the > attackers credit card, who cares? Attackers would be more clever than that. Anyway, I think the 10 euro fee is arbitrary and absurdly high. I hope IANA puts this out to competitive bid. Regards, =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Steven L. Blake <[EMAIL PROTECTED]> Ericsson IP Infrastructure +1 919-472-9913 -------------------------------------------------------------------- IETF IPv6 working group mailing list [EMAIL PROTECTED] Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------