On 7 jul 2009, at 22:21, Dave Thaler wrote:
CGAs are only useful when they're assigned to a host, not in the
address space of protocol A that represents the address space of
protocol B.
Disagree. I'm not sure it's a big deal, but I disagree it has
0 worth. CGAs are useful to prevent spoofin
> -Original Message-
> From: behave-boun...@ietf.org [mailto:behave-boun...@ietf.org] On
> Behalf Of Iljitsch van Beijnum
> Sent: Tuesday, July 07, 2009 12:36 AM
> To: marcelo bagnulo braun
> Cc: Christian Huitema; 6man; Dave Thaler; Xing Li; Behave WG
> Subject: Re: [BEHAVE] Perils of stru
> -Original Message-
> From: Rémi Després [mailto:remi.desp...@free.fr]
> Sent: Tuesday, July 07, 2009 3:03 AM
> To: Christian Huitema
> Cc: Brian E Carpenter; Xing Li; 6man; Behave WG; Dave Thaler
> Subject: Re: Perils of structured host identifiers (was: Modified EUI-
> 64 format)
>
> Chr
Christian Huitema wrote:
[...]
> Structured identifiers are not compatible with privacy address
> extensions. Moreover, embedding addresses in identifiers discloses
> information that would otherwise have remained hidden behind the NAT
> and the firewall. The IPv4 address encoded in the host identi
On 7 jul 2009, at 20:27, Christian Huitema wrote:
I'm not seeing this.
vXuser - routers -- vXserver
v6user - NAT64 -- v4server
In the first case, the addresses are visible everywhere. In the
second
case, the destination address (in one form or another) is visible
everywhe
> I'm not seeing this.
>
> vXuser - routers -- vXserver
>
> v6user - NAT64 -- v4server
>
> In the first case, the addresses are visible everywhere. In the second
> case, the destination address (in one form or another) is visible
> everywhere. How is this suddenly a privacy issue?
CGA are not only used in SEND, but also in SHIM6, and they have a clear
potential in other applications. You can take the narrow view that CGA are only
useful to secure neighbor discovery, but doing that limits any future
application.
Iljitsch makes another point, that CGA are inherently not us
May I throw a dose of caution in this debate about host identifiers formats?
Many transition mechanisms rely on encoding information in the 64 bit host
identifier. This is of course a tempting design point, because it diminishes
the amount of state that servers have to keep. For example, Teredo
Le 7 juil. 09 à 15:40, Christian Huitema a écrit :
CGA are not only used in SEND, but also in SHIM6, and they have a
clear potential in other applications.
I agree that other useful uses of CGAs are possible.
For those where CGAs never appear in link-layer addresses, compliance
with the u-
On 7 jul 2009, at 15:40, Christian Huitema wrote:
I think Iljitsch missed the point about privacy. Consider an IPv4
enterprise network manager that wants to gain IPv6 access. Embedding
the internal IPv4 addresses in the IPv6 address makes these
addresses public, while previously they were p
Christian,
Thanks for this analysis.
Caution is indeed a must before any amendment of a basic document.
As my proposal is, its relationship with cryptographically generated
addresses (and with secure neighbor discovery which uses it) should
however not be a problem.
The proposal is, in sho
On 6 jul 2009, at 21:26, marcelo bagnulo braun wrote:
Maybe this can be addressed by having the Pref64 i.e. the prefix
used to make representations of IPv4 addresses in the IPv4 address
space to be shorter than 32 bits.
This would allow to have the Pref64+ IPv4 address shorter than 64
bits
12 matches
Mail list logo