Christian;
> > But that architecture (hosts having multiple addresses
> > representing a site's multiple aggregation prefixes and
> > selecting among them) requires some method of identifying
> > hosts when they switch from one address to another
> > mid-connection. I would assume that what people have in
> > mind for this are the mobility mechanisms? (The alternative
> > is 8+8 or some variant, which I understand to be contentious
> > enough that it is a de facto non-starter.)
8+8 is not strictly necessary here unless you use locally scoped
addresses. As you can see, DNS reverse and, then, forward lookup
is working fine for IPv4 hosts to know all the addresses of
other hosts with weak security.
Mobility, which does not work when home is unreachable, is not robust
and, as is often the case with a pseudo multihoming proposal, does
not satisfy people needing multihoming. To make mobility robust,
it is, instead, necessary to make mobile hosts multihomed.
> The rubbing point is that identifying is not quite enough -- you need
> "secure identifying" in order to avoid connection hijacking, probably
> through some variation of IPSEC. Which brings us back to NATs not being
> terribly helpful...
Wrong.
Use of complex and time-consuming mechanisms such as IPSEC makes the
system insecure and vulnerable to DoS attacks.
To avoid connection hijacking, cookies, such as TCP port and sequence
numbers, are enough, if they are long enough.
You may use optional IPSEC over it for extra security (it is more
secure primarily because IPSEC keys are long cookies), but you
don't need it.
Masataka Ohta