Hi Masataka, > -----Message d'origine----- > De : Masataka Ohta [mailto:[EMAIL PROTECTED] > Envoye : vendredi 1 aout 2003 05:45 > > 2- we could use anycast > > > > But it is not clear for me how we could use DNSSEC in such > scheme. There > > is still and perhaps a bigger issue there if we need to > distribute keys. > > (I do not argue that RA-based solution is better there ;+) > > Read the draft on security considerations and never say autoconfigured > security. > > Masataka Ohta >
I've just read quickly you draft. First point, I'm impressed that you dare say that you ask client to use no security. (I hope I have missed nothing). Indeed we are not using any security within current operational and commercial network for home residential customers, and that works, this is a fact. I do know if we should impose cryptography in all IP datagrams, but I feel that IETF want to propose the option if needed. Second point, I guess if Firewall will must be aware of anycast way of working, because incoming datagrams may not have a source address = to anycast destination address of outcoming datagrams. Did I miss something ? Third point, servers and client will must be able to manage anycast address in different manner if UPd or TCP is used. Is it easy to implement ? Luc #---------------------------------------------------------------------- # To unsubscribe, send a message to <[EMAIL PROTECTED]>.
