On 2010-01-22 23:40, Patrick Frejborg wrote:
...
> The architectural question is - do the ID authentication issue belong
> to the network or to the hosts (or the application they use), where
> should the ID authentication be applied?
It seems to me that fraud mainly occurs at application level, or at least
at the level of games played with DNS names. So authentication at those
levels is needed quite regardless of what is done at network level.
On that view, authenticating a network or transport ID is irrelevant.
I think that authentication at the network ID level is important to
to ensure that the physical origin of unwanted traffic can be checked
and/or proved. This does seem to be more of an issue when there's a
loc/id split, because the locator becomes a free parameter, and the
combination of ingress filtering and locator RPF doesn't help prove
an ID.
Brian
_______________________________________________
rrg mailing list
[email protected]
http://www.irtf.org/mailman/listinfo/rrg
