> -----Original Message-----
> From: RJ Atkinson [mailto:[email protected]]
> Sent: 25 June 2010 21:26
> To: Xu Xiaohu
> Cc: [email protected]
> Subject: Re: [rrg] ILNP Identifiers
>
>
> On 22 Jun 2010, at 22:39 , Xu Xiaohu wrote:
> > If not, should the normal behavior of routers
> > be changed so as to allow more than one host
> > owning the same IPv6 address to coexist within a subnet?
>
>
> I'll make several observations.
>
> 1) IPv4 does NOT permit more than one host with the
> same IPv4 address to exist within a subnet. ARP
> enforces this in its ordinary operation.
>
> 2) IPv6 does NOT permit more than one host with the
> same IPv6 address to exist within a subnet. IPv6
> ND enforces this in its ordinary operation.

Yes, these two items are obvious.

> 3) ILNP is carefully engineered to be fully backwards
> compatible with IPv[4,6] and also with ARP/IPv6 ND,
> and to do so in a way with no changes being required
> to any router prior to ILNP deployment.

It seems that your answer to the following question is "YES": "If an attacker who steals your identifier accesses a subnet which you would access later during mobility, to avoid your established session from being broken, should your identifier be changed?"

Then my doubt is why not directly use the Nonce value as an identifier, since the current identifier (i.e., the rightmost 64 bits of the IPv6 address) cannot be ensured to be permanent during a session in the above case of mobility.

> 4) The need to deploy new IPv6 routers was and
> is a barrier to IPv6 deployment.
>
> 5) There is widespread agreement that any proposal in
> the IRTF Routing RG needs to be backwards compatible
> with IP.
>
> 6) There is no new operational issue and no new security
> issue with ILNP as compared with IPv[4,6].

For Mobile IP, the home address can be ensured stable since the CoA can be any of the available addresses within the foreign subnet. However, for ILNP, when there is an already allocated IPv6 address within the foreign subnet which conflicts with the to-be-formed (L, I) pair for a mobile ILNP node just attaching to the above subnet, to be fully backwards compatible with IPv[4,6] and also with ARP/IPv6 ND, the I value (i.e., identifier) would have to be changed during a session.

Best wishes,
Xiaohu

> There is no obvious functional requirement for that change.
> The deployment/operational cost of that change would be high.
>
> Yours,
>
> Ran

_______________________________________________
rrg mailing list
[email protected]
http://www.irtf.org/mailman/listinfo/rrg
