Hi,
in the last week I proposed the idea of personal life-time EID-prefixes.
What worried me most was an infrastructure (LIRs?) to assign EID-prefixes
to natural persons.
Now, I have an idea to solve the assignment problem: EIDs hashed from
public RSA-keys.
Each device can generate a 4096-bit RSA-key pair and use a 128-bit hash
of the public RSA-key as EID. Using 128 bits would allow blending the
hashed EID into the IPv6 address space.
Security would also be improved as the RSA-key pair can be used to
authenticate a device by calculating if the EID matches the public
RSA-key of the device and the EID-RLOC-mapping entry on the map servers
can be signed with the RSA-key pair of the device.
Currently I'm considering the following two solutions:
1. /32 IPv6-prefix + 96-bit hash, low risk of EID collisions but bloats
mapping tables, suitable for single mobile devices
2. /8 IPv6-prefix + 56-bit hash, high risk of EID collisions but goes
easy on mapping tables, suitable for a /64 subnet behind a PxTR
3. Both
Please comment on the idea.
Renne
--
Best regards,
Rene Bartsch, B. Sc. Informatics
_______________________________________________
lisp mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/lisp
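
An added sketch of the scheme proposed in this message (not code from the post or from any LISP implementation): it derives an EID from a public key for both prefix/hash splits, checks that an EID matches a key, and estimates the collision risk with the birthday bound. Assumptions: SHA-256 truncated to the hash width, keys as opaque DER bytes, `2001:db8::/32` and `fd00::/8` as placeholder prefixes, and all function names are hypothetical.

```python
import hashlib
import ipaddress
import math

# Constructed stand-ins for two devices' DER-encoded public RSA keys.
KEY_A = b"constructed-public-key-device-A"
KEY_B = b"constructed-public-key-device-B"
# Assumed placeholder prefixes; the message names only the prefix lengths.
OPTION_1 = ("2001:db8::/32", 96)  # /32 prefix + 96-bit hash -> /128 EID
OPTION_2 = ("fd00::/8", 56)       # /8 prefix + 56-bit hash -> /64 EID-prefix


def derive_eid(pubkey_der, prefix, hash_bits):
    """Place the leading hash_bits of SHA-256(pubkey) directly after the prefix."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen + hash_bits > 128:
        raise ValueError("prefix plus hash does not fit into 128 bits")
    digest = int.from_bytes(hashlib.sha256(pubkey_der).digest(), "big")
    truncated = digest >> (256 - hash_bits)        # keep the top hash_bits
    host_bits = 128 - net.prefixlen - hash_bits    # left over for the subnet
    addr = int(net.network_address) | (truncated << host_bits)
    return ipaddress.IPv6Network((addr, net.prefixlen + hash_bits))


def eid_matches_key(eid, pubkey_der, prefix, hash_bits):
    """Check a map server could run before accepting a signed mapping entry."""
    return derive_eid(pubkey_der, prefix, hash_bits) == ipaddress.IPv6Network(str(eid))


def collision_probability(hash_bits, devices):
    """Birthday bound: chance that at least two of `devices` keys share an EID."""
    pairs = devices * (devices - 1) / 2
    return -math.expm1(-pairs / 2 ** hash_bits)
```

For a population of 10^9 devices the bound gives a near-certain collision (about 0.999) with the 56-bit hash and roughly 6e-12 with the 96-bit hash.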