Re: Perils of structured host identifiers (was: Modified EUI-64 format)

[Rémi Després <remi.despres at free.fr>]

Le 7 juil. 09 à 15:40, Christian Huitema a écrit :

> CGA are not only used in SEND, but also in SHIM6, and they have a  
> clear potential in other applications.

I agree that other useful uses of CGAs are possible.
For those where CGAs never appear in link-layer addresses, compliance  
with the u-g constraint would not be necessary, but having this  
constraint in the CGA spec doesn't hurt.

Neither change to CGAs, nor any restrictions on where they could be  
used in the future, are suggested.

> You can take the narrow view that CGA are only useful to secure  
> neighbor discovery, but doing that limits any future application.

I haven't taken this view... and don't plan to take it!


> Iljitsch makes another point, that CGA are inherently not useful in  
> a NAT context, because the host identifier is assigned by the NAT,  
> and mostly unknown to the host. Clearly, this is a valid argument.  
> However, if you consider NAT64 close to the legacy IPv4 server, the  
> picture becomes different. The NAT64 acts then as an extension of  
> the IPv4 server, and may be tasked to prove that "you are really  
> speaking to this host".
>
> I think Iljitsch missed the point about privacy. Consider an IPv4  
> enterprise network manager that wants to gain IPv6 access.  
> Embedding the internal IPv4 addresses in the IPv6 address makes  
> these addresses public, while previously they were private. In a  
> stateless scheme, they also become reachable.
>
>
> -- Christian Huitema