On Tue, 2 Aug 2005, Joe Touch wrote:
>> Case 1: Tunnelling a protocol over itself
>> ==========================================
>> Examples of this include IPsec in tunnel mode, GTP, and other forms of
>> IP-over-IP tunnelling. My basic concern with this kind of tunnelling
>> is that it enforces two different _semantics_ to a single identifier
>> space, and therefore makes the system more brittle. Conversely, the
>> architecture should provide functionality so that such overloaded
>> semantics and brittleness are not needed.
> The address spaces are different, so different semantics are OK. The
> address inside the tunnel is (or should be) interpreted in the context
> of the tunnel, just as an application's memory address is interpreted in
> the context of the page table.
I think Pekka N.'s point here was "why do we need different address
spaces?" or "why do users want different address spaces?"
Now, my response to that is...
You can certainly see that as an architectural issue, but personally
and pragmatically, the answer probably is that the cost/benefit of any
other solution (e.g., for simple access controls etc.) is too high.
That is, there could be other solutions which allow the users the
same benefits as separate address spaces, but getting them used and
deployed is probably too costly to be useful -- and the simpler
approach is to just embrace the separate address spaces in the
architecture (to some extent in any case).
--
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
_______________________________________________
Int-area mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/int-area