On Mon, 7 Jan 2002, Francis Dupont wrote: > Nothing prevents from applying some kind of RR tests to HAO (without BU) > use too. The HAO implementation would just be a .. little .. more > complicated.. but then again it hasn't been defined in the spec anyway. > > => I believe the ".. little .. more complicated.." is a joke, isn't it?
Of course. :-) [snip] > I won't get into this more here, because I must say I agree almost 100% > with comments from Pekka Nikander, Jari Arkko et al. (You should be very, > very afraid if you ever venture in Finland, Francis ;-). > > => so you agree to kill triangular routing? What's the point of it, really? If you don't want routing optiomization, nothing prevents you from establishing tunnels to your home agent: no need for HAO etc. either then. This is probably better for TCP and the like which like symmetric propagation properties. > One point I've made before: perhaps the check is trivial, but IMO _the > most important thing_ is that *every* site could easily check from > incoming packets with HAO, whether the HAO is is spoofed to belong to > *destination site in question* or some other site the destination site > trust at some level. > > => so the easiest solution for someone which doesn't want to implement > or enable RO is just to drop HAOs. In France we have an expression for > that: "la politique du pire". Sure, if that only means the connections will break if the MN moves. -- Pekka Savola "Tell me of difficulties surmounted, Netcore Oy not those you stumble over and fall" Systems. Networks. Security. -- Robert Jordan: A Crown of Swords -------------------------------------------------------------------- IETF IPng Working Group Mailing List IPng Home Page: http://playground.sun.com/ipng FTP archive: ftp://playground.sun.com/pub/ipng Direct all administrative requests to [EMAIL PROTECTED] --------------------------------------------------------------------
