Re: [Int-area] Re: KHIs and SHA-256

Erik, I don't understand the last point. A KHI couldn't be used in referrals unless we have a ubiquitous and scalable KHI->locator lookup system, and I don't think we know how to build such a thing (yet). I think we know, at least for some value of "know". We can use DHTs. What we don

Re: [Int-area] Re: KHIs and SHA-256

Tony and Erik, As I wrote, I can't see how we could convince the world from going from where we are now to a world that requires people to change their network stack, add a new piece of infrastructure, and to change applications at the same time. That won't happen, any more. Even a "kil

Re: [Int-area] Re: KHIs and SHA-256

Dear Geoff and Brian, Its a simple draft, but it still makes absolutely no sense to me to me in terms of relating to to an address allocation. If these token values are in fact "non routable identifiers" , which is what I read above, then you have no semantic intersection with the convent

Re: [Int-area] Re: KHIs and SHA-256

Dear Geoff, My apologies, but this is getting a little spaced out in terms of being able to understand where you are heading here. [...] Where exactly are you looking? Sorry for trying to interpret Christian's intentions, thereby confusing the things. I merely tried to understand what C

Re: [Int-area] Re: KHIs and SHA-256

Christian, => the draft is supposed to address both issues. For the first one we can add more cautionary words if one believes there are not yet enough. For the second one we already merged two very different experiments into one request. Well, if that is what we want, then we can write a much

Re: [Int-area] Re: KHIs and SHA-256

David, IMHO, every identifier ends up being routed, at least in some context. If they are routed, they are not identifiers. They are locators. An identifier simply names the object. It might enable connectivity on a non-routed infrastructure, e.g., a local LAN, and if you want to call

Re: [Int-area] Re: KHIs and SHA-256

Christian, IMHO, every identifier ends up being routed, at least in some context. I think I fully agree with you, but IMHO we need to be very careful about the terminology here. For example, I can easily imagine an overlay network, running on the top of the current IP network, using DHT

Re: [Int-area] Re: KHIs and SHA-256

Geoff, I fully agree with you that a new identifier name space should not be mixed with any existing locator space. In other words, from an ideal architectural point of view, the goals of having non-routable identifiers that have different semantics from IPv6 addresses definitely do not

Re: [Int-area] Re: KHIs and SHA-256

Geoff, My understanding is that these are not routable addresses. you are right: not only they are not routable but they should be easy to be recognized as not routable. To clarify: if we decide to define this prefix, it will mean that the particular prefix will be generally unavailable for

Re: [Int-area] Re: KHIs and SHA-256

e the prefix at the API level. Consequently, if you want to talk to those hosts, you cannot use the prefix in the network. Hence, even though the prefix is not assumed to appear in the wire, defining this does effect on what bits can(not) be used in the wire. --Pekka Nik

KHIs and SHA-256

so the previous discussion at the IPv6 WG, starting at http://www1.ietf.org/mail-archive/web/ipv6/current/msg05627.html --Pekka Nikander IETF IPv6 working group mailing list ipv6@ietf.org Administrative Requests: https://www1.i

Re: I-D ACTION:draft-laganier-ipv6-khi-00.txt

/4 as suggested, then I think most router configurations would already now do the right thing. But I may also be way off here; I'm mostly out of touch with current IPv6 operational matters. --Pekka Nikander IETF IPv6 wor

Re: I-D ACTION:draft-laganier-ipv6-khi-00.txt

put := CID | hash function id | Input Hash1 := Hash(Hash1 input) SHA1 Input := CID | Hash1 and so on. Basically, you encode another hash function into the input, and use it first to generate the input for the method defined in the draft. --Pekka Nikander ---

Re: I-D ACTION:draft-laganier-ipv6-khi-00.txt

ng: Consequently, the suggested method to react to the hash result becoming too short due to increased computational power or the used hash function becoming insecure due to advances in cryptology is to allocate a new prefix and cease to use the present one. Mayb

Re: SEND/DIID interoperabilility (was: Re: [rfc2462bis issue 275] DAD text inconsistencies)

thing for this to rfc2462bis, the protocol will become complicated, degrading one of the motivations of this clarification. From the SEND point of view, looks good. --Pekka Nikander IETF IPv6 working group mailing list [

Re: SEND/DIID interoperabilility (was: Re: [rfc2462bis issue 275] DAD text inconsistencies)

SEND node could well *defend* the address fe80::A for DAD/DIID purposes, but it would never actually use it. --Pekka Nikander IETF IPv6 working group mailing list [EMAIL PROTECTED] Administrative Requests: https://www1.ietf.org

Re: [DNA] IETF 59 Session [IPv6 DAD Optimization Goals and Requirements]

Daniel, Below is a DNA WG agenda at 59th IETF and DAD Optimization will be discussed as indicated in this agenda.  The intention is mostly to inform people that the work is continuing, but that it will be transferred to the IPv6 WG. For this work, a draft was proposed in the DNA BoF (before) as be

An official HIP BOF request has been sent

requires non-member postings to be explicitly approved by the list admins. --Pekka Nikander IETF IPv6 working group mailing list [EMAIL PROTECTED] Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6

Re: What end-point identifiers are needed for?

er requirements) for identification but pure mobility and multi-homing. --Pekka Nikander IETF IPv6 working group mailing list [EMAIL PROTECTED] Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6

Renewed HIP mailing list & BOF and WG proposals

available at: http://honor.trusecure.com/mailman/listinfo/hipsec --Pekka Nikander IETF IPv6 working group mailing list [EMAIL PROTECTED] Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6

APIs, locator-identifiers, DNS security, [and Cartesius] (was Re: A strawman analysis...)

ve up the idea of the Cartesian theatre already a few years ago. You really must start reading Dennet and Dawkings. :-) --Pekka Nikander IETF IPv6 working group mailing list [EMAIL PROTECTED] Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6

What end-point identifiers are needed for?

vacy threats associated with all of the above mentioned needs for identifiers. However, that is a subject of another mail. --Pekka Nikander IETF IPv6 working group mailing list [EMAIL PROTECTED] Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6

Spoofing and SCTP ADD-IP (was Re: Solving the right problems ...)

most probably apply also to SCTP ADD-IP and, of course, also other multi-address multi-homing solutions. --Pekka Nikander IETF IPv6 working group mailing list [EMAIL PROTECTED] Administrative Requests: https://www1.ietf.org

Re: A strawman analysis on locator identifiers vs. non-locator identifiers (was Re: A roadmap for end-point identifiers?)

stly, we still don't have secure DNS. Secondly, having to rely on an authority seems like a bad approach to me. At least when compared to one where you don't need to rely on authority. (Just can't resist: Could we compare this to the difference bet

A strawman analysis on locator identifiers vs. non-locator identifiers (was Re: A roadmap for end-point identifiers?)

Michel, Pekka Nikander wrote: I do understand your point about the benefits of an identifier also being a locator, but I also believe that the benefits of clean separation will more than pay the drawbacks in the long run. (I don't have any analysis or data to support this belief, though.) M

About identifiers, HITs, and security (was Re: A roadmap for end-point identifiers?)

are valid in both realms? Pekka Nikander wrote: Yes, in the long run. Would that include going to identifiers that are longer than 128 bits? [I think I answered this separately already elsewhere. Anyway.] No, just making a clear distinction does not necessarily mean that we have to go into

Re: About DHTs, byzantine robustness, and security (was Re: A roadmap for end-point identifiers? ...)

streams running. I know, the MIPv6 RO security background draft is long. But I don't have time to try to distill a shorter version of it right now. --Pekka Nikander IETF IPv6 working group mailing list [EMAIL PROTECTED] Ad