In your previous mail you wrote: > => don't forget you still can use a bidirectional tunnel with your home > agent, so this is a constraint for the standard mode of MIPv6, > not the anti-optimized but optionaly really secure mode ((secure) bidir > tunnel). We have already some problems with the (route) optimized mode, > I believe we shouldn't like to lost standard mode too. AAA-based solution would allow you to keep the standard mode, but at a cost which would propably prevent some good size fraction of nodes from using the optimised mode. The BCE check solution allows you to keep the optimised mode in wide usage, but does force you to go back to bidirectional tunneling if you didn't do RO. Take your pick what is the right tradeoff here, but my preference is the last one. => your argument is based on the bet that full CN function will be implemented by everybody and enabled everywhere. IMHO this is a very dangerous bet...
> or my access-paid-by-visa WLAN. > > => I believe this is not a WLAN but a network of WLANs (i.e. a WWAN made > with WLANs). In this case the problem is very easy to use, even > statically (i.e. with a home address bound to the VISA account). > Of course I expect the mobile support will be in the offered service list, > something we all like to get but perhaps is not understood by operators... Right. You expect the support to be there. => the "even statically" is only an example of what can be done. So, instead of me turning on MIPv6 when my code supports it and your code supports it, => this (when your code supports it) is the real question... we have to wait five years before VISA deploys the technology for both of us. => not VISA, our ISPs (and far less than five years). And for that, we get to pay a montly service fee! => if it is VISA, we'll pay a monthly fee for no service (:-)! By the way, didn't we already decide that a global infrastructure linking people to their home addresses was out of the question? => not exactly, the key term is "rely on". I don't think it matters whether the acronym for this infrastructure was PKI, DNS, or AAA? => I agree but it is not forbidden to get advantages of it, only to rely on it. As we don't rely on ingress filtering for defense against DDoS, I can't see a problem to propose to use AAA in order to improve ingress filtering. Regards [EMAIL PROTECTED] -------------------------------------------------------------------- IETF IPng Working Group Mailing List IPng Home Page: http://playground.sun.com/ipng FTP archive: ftp://playground.sun.com/pub/ipng Direct all administrative requests to [EMAIL PROTECTED] --------------------------------------------------------------------
