Keith Moore wrote:
>
> > there has emerged a need to encode functional, security related
> > semantics into IP addresses
>
> I strongly disagree.
>
> there has been a longstanding need to encode functional security
> related semantics into IP packets.
>
> but the address is entirely the wrong place for these.
>

I must say I don't understand the reference to RFC2437... presumably you mean 2374, which will be obsoleted anyway.
In which case, I violently agree with Keith. We've already overloaded IP addresses with two functions - locator and identifier. We've been rebuffing various suggestions for yet more overloading for years (the porno bit for example) and this is in the same category - not the right place to put a security hint. It's quite inappropriate to damage the opaqueness of a pure ID field in such a way. If a security hint is needed, it should be somewhere else.

On a practical point, I don't see how this fits with the addressing architecture (draft-ietf-ipngwg-addr-arch-v3-07.txt) which requires that "For all unicast addresses, except those that start with binary value 000, Interface IDs are required to be 64 bits long and to be constructed in Modified EUI-64 format."

It also doesn't fit with the RFC 3041 privacy extensions.

   Brian

--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page:                      http://playground.sun.com/ipng
FTP archive:                      ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
