Francis Dupont writes:
> In your previous mail you wrote:
>
> > So here's a most-likely crazy idea: why can't we
> > treat the ingress filtering router like a CN which
> > must first be sent a BU which it verifies in
> > whatever manner the CN would? This already has a
> > requirement to not be bound to mythical PKI's,
> > etc. Given FMIP, the access routers are probably
> > going to end up having to process things like BU's
> > anyway.
>
> I was drifting into this direction myself. But how?
> Introduce a new ICMP message saying: send me a BU
> if you want to use HAO?
>
> => no, Michael's idea is to look at packets going through
> access routers in order to find BUs (i.e. this is passive).
> And if you'd like to use an active scheme, why not the
> network access control?
No, actually, it was to have the MN send the
BU's directly to the access router. On a router
the BU just has an additional effect of removing
any restrictions on source addresses it will
let through. Hence Pekka's question about use
of ICMP was correct.
Mike
--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
