Hi Iljitsch,
|> To date, folks have claimed that the return routability of the |> address was |> 'enough' security. However, that depends on routing being secure. |> I hope |> the folks in this group are aware of the reality in that regard. | |Security is in the eye of the beholder. Indeed. Understanding the state of BGP security is necessary and sufficient to understand the level of security being offered by the return routability check. |In other words: in a loc/id solution you lose the return routability |check on the identifiers so new security mechanisms are needed that |are at least as strong as the (fairly weak) return routability check. |These need to be easier to work with and more efficient than IPsec, |though. More precisely: in a loc/id solution, just filtering on the id is insufficient. One can emulate the previous (insecure) semantics by filtering on the (loc, id) tuple. If folks feel that IPsec is unwieldy, then they're free to propose something else. Obviously, that's a bit out of our scope. Tony -- to unsubscribe send a message to [EMAIL PROTECTED] with the word 'unsubscribe' in a single line as the message text body. archive: <http://psg.com/lists/rrg/> & ftp://psg.com/pub/lists/rrg
