On 7 Jul 09 at 15:40, Christian Huitema wrote:

CGAs are not only used in SEND, but also in SHIM6, and they have a clear potential in other applications.

I agree that other useful uses of CGAs are possible.
For those where CGAs never appear in link-layer addresses, compliance with the u-g constraint would not be necessary, but having this constraint in the CGA spec doesn't hurt.

Neither change to CGAs, nor any restrictions on where they could be used in the future, are suggested.

You can take the narrow view that CGAs are only useful to secure neighbor discovery, but doing that limits any future application.

I haven't taken this view... and don't plan to take it!


Iljitsch makes another point, that CGAs are inherently not useful in a NAT context, because the host identifier is assigned by the NAT, and mostly unknown to the host. Clearly, this is a valid argument. However, if you consider NAT64 close to the legacy IPv4 server, the picture becomes different. The NAT64 acts then as an extension of the IPv4 server, and may be tasked to prove that "you are really speaking to this host".

I think Iljitsch missed the point about privacy. Consider an IPv4 enterprise network manager that wants to gain IPv6 access. Embedding the internal IPv4 addresses in the IPv6 address makes these addresses public, while previously they were private. In a stateless scheme, they also become reachable.


-- Christian Huitema




--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------