Mike, Just catching up on this thread, a couple of questions below.
> So here's a most-likely crazy idea: why can't we > treat the ingress filtering router like a CN which > must first be sent a BU which it verifies in > whatever manner the CN would? This already has a > requirement to not be bound to mythical PKI's, > etc. Given FMIP, the access routers are probably > going to end up having to process things like BU's > anyway. => Let me understand what this would do: what happens after the MN sends a BU ? Does the default router look though each packet to verify the HAO ? > > Also: if we have ingress filtering taken care of > directly, is there any reason to preserve the HAO > at all? I thought its entire raison d'etre was to > provide a means of coexisting with ingress > filtering -- => Well, no, it is a form of tunnelling, (combined with RH) if you remove it you'd have to tunnel right ? I feel like I misunderstood a few things in your text. Hesham -------------------------------------------------------------------- IETF IPng Working Group Mailing List IPng Home Page: http://playground.sun.com/ipng FTP archive: ftp://playground.sun.com/pub/ipng Direct all administrative requests to [EMAIL PROTECTED] --------------------------------------------------------------------
