
Re: [rrg] RRG recommendation



On Fri, Nov 20, 2009 at 12:02 AM, Patrick Frejborg <pfrejborg at gmail.com> wrote:
 
> When moving, your identifier will still be kept, not changed, but your
> locator will be changed. The mapping between the identifier and the changing
> locator (and its retrieval) will have to be done by a server in the
> infrastructure (perhaps an extended DNS or rendezvous server(?) in HIT) in a
> very efficient manner.
>

Yes, this is the host identifier approach - very similar to a PKI
infrastructure, but the PKI doesn't offer mobility; the PKI certificates
do have global uniqueness. Another approach is to use a session
identifier that can offer mobility; the session identifier is not
globally unique - it is just used to identify the session when the
endpoint is moving from one attachment point to another.

Bought.

Yet, is PKI a necessity or a group consensus already? What about host ID (HID) in HIP, which as I know is also protected. (Encrypted but not authenticated?)

How is HID different from the PKI you described? Do they have the same problem as PKI? I thought the main objective of HIP was to solve the fast mobility problem, so their idea of HID (and so HIT) would not hinder fast mobility, only if the rendezvous operation is efficient enough.

Both identifiers can be used concurrently: if the context of the
session is sensitive, then use the session identifier for mobility and,
to identify the remote endpoint after the transition, authenticate
the endpoints again by the PKI infrastructure.

Also bought.

If the content is not sensitive - do you need to authenticate the
remote endpoint again? Probably not, but mobility might be required
and for that the session identifier is good enough - usually it is the
client that moves around and the server is fixed. Or if both endpoints
move around you would need a rendezvous server - but I think that has been
solved on the application layer already, e.g. SIP registrar & proxy,
Skype, Instant Message solutions, peer-to-peer applications etc.

OK.

The problem is that some applications use IP addresses to identify
the session, because there is no session layer in the TCP/IP model
(the OSI model and AppleTalk do have one) - the lack of the session layer
is in my opinion the problem. So if the application could identify the
session with the help of a token, much better mobility could be
achieved.

I'm a bit surprised that, in this Internet community, there're some people ready to borrow an idea from OSI... :-). Or is it from AppleTalk?
I'm personally an admirer of Apple or more correctly Jobs.
 
Unfortunately it would require changes to some applications - but it
is the right place to fix the problem. If the application cannot be
changed and mobility is required, then use Mobile IP.
A simple session layer would make the networking so much easier.

Introducing the session ID would require a lot of change in the current Internet operation. In the attempt of my proposal, I'd tried to minimize the disturbance to the current Internet infrastructure. So, I chose to make compromises even if it would not perfectly match a more ideal architecture of my belief. If this discussion would be with the Future Internet community, I'd have proposed a more drastically different idea.

--
Regards,

DY
http://cnu.kr/~dykim

Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.
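
Added example, not code from either poster: the session-token approach discussed in this thread, where a server identifies a session by a locally unique token instead of by the peer's IP address, rebinds the locator directly for a non-sensitive session, and demands fresh proof from the endpoint before rebinding a sensitive one. The names `SessionTable`, `move` and `prove` are hypothetical, and an HMAC over a per-session key agreed at setup stands in for the PKI re-authentication the thread mentions; the addresses used with it are documentation addresses.

```python
import hashlib
import hmac
import secrets


def prove(key, challenge, locator):
    # Binds the answer to the fresh challenge and to the new locator.
    return hmac.new(key, challenge + locator.encode(), hashlib.sha256).digest()


class SessionTable:
    """Hypothetical server-side table: sessions keyed by token, not by IP."""

    def __init__(self):
        self._sessions = {}

    def open(self, locator, key, sensitive):
        token = secrets.token_hex(16)  # unguessable, unique only in this table
        self._sessions[token] = {"locator": locator, "key": key,
                                 "sensitive": sensitive, "challenge": None}
        return token

    def locator(self, token):
        return self._sessions[token]["locator"]

    def move(self, token, new_locator, proof=None):
        """Token seen from a new attachment point.

        Returns ("rebound", None), ("challenge", nonce) or ("rejected", None).
        """
        s = self._sessions.get(token)
        if s is None:
            return ("rejected", None)
        if not s["sensitive"]:
            s["locator"] = new_locator  # token alone is enough
            return ("rebound", None)
        if proof is None or s["challenge"] is None:
            s["challenge"] = secrets.token_bytes(16)
            return ("challenge", s["challenge"])
        expected = prove(s["key"], s["challenge"], new_locator)
        s["challenge"] = None  # each challenge is single use
        if hmac.compare_digest(expected, proof):
            s["locator"] = new_locator
            return ("rebound", None)
        return ("rejected", None)
```

For the non-sensitive case the token is the only thing protecting the session from being redirected, so it has to be unguessable and carried over a channel an observer cannot read.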