Hi Tom,

a question about this point...

On 05/06/2006, at 7:35, Henderson, Thomas R wrote:

It is not only local handles where this matters; in fact, as you point
out, it may not matter much there at all.  However, think about using
HITs instead of IPv6 addresses in ACLs;

I am not sure if I understand in which situations this can be practical...

There are at least two things that I am not sure how to deal with in this case:

- First, HITs are not carried in every packet (as opposed to IP addresses), so you could only have ACLs based on HITs on the end system (meaning that you cannot have e.g. an ACL on a firewall that is inspecting traffic to verify what is filtered, right?). Or are you considering the case where the firewall keeps track of the HIP exchange?
- Second, I guess that in order to be useful it should be possible to aggregate the HITs so that you could define blocks in the ACL. I mean, a plain namespace like HITs seems kind of impractical, since you would need to detail each and every host in the ACL. I guess that for this, the type 2 HITs would be really needed...


Regards, marcelo


_______________________________________________
Int-area mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/int-area
