Pekka, > This is something that I was getting at. If BU processing is not > > implemented, then wouldn't all packets be routed via the HA? > > Not necessarily, AFAICS (if HAO-option is used). Depends > on how strict > your requirement on mobility (in this context, requirement for > non-breaking connections if IP changes; depends a lot on > how architecture > is designed) is. > > Do you see any flaws in my reasoning (this wasn't commented > on) -- I think > this should answer some questions..
=> Your understanding is correct, but I disagree with the conclusion (if the above is a conclusion). It's clear to me (and many) that there are security hazards associated with the HAO (thanks to your draft). But rather than redefining mobility, or relaxing the requirements on mobility, I think we should work on something that fixes the problem. So my point is, let's fix the problem instead of redefining the original goal. Breaking connections was always a no no ! Hesham > > --8<-- > Date: Tue, 16 Oct 2001 16:15:19 +0300 (EEST) > From: Pekka Savola <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Subject: Re: [mobile-ip] WG Last Call on Threat Model and Security > Requirements for MIP v6 (fwd) > > Am I right by saying: > > - with Home Address, without BU: the route will be suboptimal, but > mobility (connections break if MN changes IP address) will > still work. > - with Home Address, with BU: route will be optimal and > mobility works. > - without Home Address, without BU: the route will be optimal and > mobility will not work > - without Home Address, with BU: route will be optimal but > mobility will > not work. > > That is, > > if HAO > mobility > if BU > route optimization > fi > else > route optimization > fi > > From above, the only reason why HAO should be useful for a > dummy node not > implementing BU is mobility (non-breaking connections). Is > that scenario > relevant enough to justify non-authorized HAO usage? > --8<-- > > -- > Pekka Savola "Tell me of difficulties surmounted, > Netcore Oy not those you stumble over and fall" > Systems. Networks. Security. -- Robert Jordan: A Crown of Swords > > -------------------------------------------------------------------- > IETF IPng Working Group Mailing List > IPng Home Page: http://playground.sun.com/ipng > FTP archive: ftp://playground.sun.com/pub/ipng > Direct all administrative requests to [EMAIL PROTECTED] > -------------------------------------------------------------------- > -------------------------------------------------------------------- IETF IPng Working Group Mailing List IPng Home Page: http://playground.sun.com/ipng FTP archive: ftp://playground.sun.com/pub/ipng Direct all administrative requests to [EMAIL PROTECTED] --------------------------------------------------------------------
