[ppml] [narten at us.ibm.com: PI addressing in IPv6 advances in ARIN]
Geoff Huston
gih at apnic.net
Mon Apr 17 21:22:19 EDT 2006
>I personally think the middlebox approach is the easiest to deploy/
>least disruptive to end users/most familiar to ISPs technique to
>implement an end point identifier/routing locator split, but I'm
>cynical enough to be skeptical either approach will be taken...
And probably the highest potential risk, unfortunately.
From the packet's perspective what's the difference between the helpful
header rewriting that my middlebox performs and the evil rewriting that
your middlebox performs? i.e. how can you tell the boundary of a site? How
can you create a decent security association between the endpoints and the
middlebox?
Every approach in this space leads one into having to make some very hard
decisions!
regards,
Geoff
More information about the ARIN-PPML
mailing list