> However, what Erik and the MIPv6 Design Team suggested is that
> the "bit" is *reserved* at this time for future use.

I think that's the wrong way to solve the problem.

either host A reliably knows the address of host B, or it doesn't. reliably knowing the address of host B implies either prior configuration of A, or DNSSEC. even the latter requires prior configuration of A to know DNSSEC keys or certs that allow it to verify DNSSEC sigs on B (the idea that just having the root keys will be sufficient to verify B's address is just fantasy).

without A reliably knowing B's address, any scheme whose security depends on a bit from B's address is defeatable by a MitM.

and if A has prior configuration of addresses on a per-host basis, it can just make that extra bit part of the configuration. the bit doesn't have to be in the address.

OTOH if A is using DNSSEC, the problem is that the AAAA records don't have room for extra information. so rather than trying to squeeze a protocol negotiation bit into the address, maybe folks should be trying to add the necessary information to DNS so that it can be verified by DNSSEC.

I realize it's ugly to add more frobs to DNS, but IMHO trying to further constrain the use of the IPv6 address space is far uglier.

Keith

--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
