<skipped>

> > An increasing number of hosts have computational constraints due to
> > being hand-held devices with very limited battery power.  This is no
> > problem for simple protocols and caching a few things, but if
> > cryptographic work is required in the CEE protocols, then I think it
> > is more of a problem.
> 
> I agree here, do we really need to have a cryptographic solution on the
> network layer?
> We are trying to remove the IP address overload (identifier and
> locator) but if we are not careful we could introduce some other
> overload mechanism that somebody has to deal with in the future. The
> transport layer can take care of things and also the application layer
> can take care of things, such as cryptographic

In the current Internet architecture, the overlapping of IP address
semantics makes it possible to use uRPF to avoid IP (as the role of ID)
spoofing to some extent. However, in an ID/locator split architecture, ID
spoofing will be much harder to prevent provided there is no mechanism
for ID authentication (uRPF is useless for ID checking). If cryptographic
identifiers are not used, ID authentication would have to rely on a
third-party certification infrastructure.

Xiaohu

_______________________________________________
rrg mailing list
rrg@irtf.org
http://www.irtf.org/mailman/listinfo/rrg
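
The uRPF point in the message above, as an added example that is not part of the original post: strict uRPF validates only the source locator against the FIB, so a packet carrying another host's ID behind a valid locator is accepted. The FIB, the `Packet` fields and the ID-to-locator table are constructed for illustration; the table is ground truth used to score the result, not something a router holds.

```python
import ipaddress
from dataclasses import dataclass

# Constructed FIB: prefix -> interface on which that prefix is reachable.
FIB = {
    ipaddress.ip_network("192.0.2.0/24"): "eth0",
    ipaddress.ip_network("198.51.100.0/24"): "eth1",
    ipaddress.ip_network("198.51.100.128/25"): "eth2",
}

# Constructed ground truth: which locator each ID really sits behind.
ID_OWNER_LOCATOR = {"host-a": "192.0.2.10", "host-b": "198.51.100.200"}

@dataclass(frozen=True)
class Packet:
    src_locator: str  # routable source address, the only field uRPF sees
    src_id: str       # hypothetical flat host identifier carried in the packet
    in_iface: str     # interface the packet arrived on

def reverse_path_iface(addr):
    """Longest-prefix match of addr in the FIB; None when there is no route."""
    ip = ipaddress.ip_address(addr)
    matches = [net for net in FIB if ip in net]
    if not matches:
        return None
    return FIB[max(matches, key=lambda net: net.prefixlen)]

def strict_urpf_accepts(pkt):
    """Strict uRPF: accept only if the route back to the source locator
    points out of the interface the packet came in on."""
    return reverse_path_iface(pkt.src_locator) == pkt.in_iface

def id_is_genuine(pkt):
    """Ground-truth check the forwarding plane cannot perform by itself."""
    return ID_OWNER_LOCATOR.get(pkt.src_id) == pkt.src_locator

def classify(pkt):
    """Return (uRPF verdict, whether the claimed ID is genuine)."""
    return strict_urpf_accepts(pkt), id_is_genuine(pkt)

if __name__ == "__main__":
    samples = [
        Packet("192.0.2.10", "host-a", "eth0"),      # honest host-a
        Packet("192.0.2.10", "host-a", "eth1"),      # spoofed locator, wrong interface
        Packet("198.51.100.200", "host-a", "eth2"),  # valid locator, false ID claim
    ]
    for pkt in samples:
        print(pkt, classify(pkt))
```

The third sample is the case the message describes: the locator passes the reverse-path check while the ID claim is false, so some separate ID authentication is needed to catch it.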