On Thu, Nov 19, 2009 at 10:36 AM, Tony Li <tony.li at tony.li> wrote:
> Scott Brim wrote:
>>
>> Excerpts from William Herrin on Wed, Nov 11, 2009 07:04:54PM -0500:
>>>
>>> Important consequences of this are:
>>>
>>> a. Locators aren't about network attachments. They're about the
>>> packet forwarding process and more abstractly about the network
>>> topology. An element that always has exactly one attachment to the
>>> network is likely a holy grail. Case in point, the IP address on my
>>> BGP router with two upstreams is certainly a locator but it clearly
>>> has two points of attachment.
>>
>> I think this conflates two things we distinguished for a while, and
>> the distinction should not be lost. I don't remember the name for the
>> second one, but we have
>>
>> - names for network attachment points ("locator")
>>
>> - information used for forwarding at intermediate hops (forwarding
>> directives? something like that. was it Noel's?)
>
> Indeed, if you have explicit forwarding instructions, you use that.
>
> Locators are necessarily about network attachments (per stack). If a host
> has multiple points of attachment, then it should have multiple locators.
> And only one identifier.
>
Only one...?
IMHO, a PKI certificate identifies a stack/person/host so it is an
identifier in the RRG terminology, right?
http://trac.tools.ietf.org/group/irtf/trac/wiki/RRGTerminology
A second identifier is needed, that will provide mobility (fixed and
mobile site, endpoint) and not as complex to deploy as a PKI
infrastructure, also less secure than the PKI infrastructure. I think
this needs to be clarified; if not, there is a risk that the new
identifier will have too many security features and start to compete
with the PKI infrastructure??
-- patte
Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.