On 2008-07-24 19:58, Iljitsch van Beijnum wrote:
> On 24 jul 2008, at 6:53, Tony Li wrote:
>
>> What happens when the aggregation mechanism doesn't match your
>> desired identifier block?
>> Not everyone is clever enough to allocate addresses to match their
>> security policies and the results are predictable: really long ACLs.
>
> If we accept the desire to base security policies on identifier
> semantics as a requirement we're going to get nowhere fast.

Agreed. After all, if you do a serious job on trust mechanisms and verifiable identities, you'll end up re-inventing X.509 certificate semantics, and that probably won't fit into 128 bits.

I haven't followed HIP for quite a while, but something tells me those people must have had this conversation a few years ago.

Bria

--
to unsubscribe send a message to [EMAIL PROTECTED] with the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/rrg/> & ftp://psg.com/pub/lists/rrg
