-----BEGIN PGP SIGNED MESSAGE-----

Tony Hain [mailto:alh-ietf@tndh.net] wrote:

[?Does this need to keep going to both ietf@ietf.org & ipng@sunroof?]

> Jeroen Massar wrote:
> > ... As far as it stands I think that HIP
> > is going the best way there is. LIN6 is flawed as it won't
> > scale and can't be deployed easily. Next to those I got my
> > own odd idea and I will probably work it out and implement it
> > as a proof of concept. Though timing on when and how may be
> > completely unknown.
>
> What I was trying to point out is that HIP/etc. is only part of the
> solution. What an identity protocol needs is a point in the
> stack which is being identified. We can try to stuff it into each
> of the transport protocols, but we will have to do that over for
> each, and there would need to be complex api options if apps
> wanted to avoid the identity / topology mapping. It will be
> much simpler to leave the existing api path for the apps
> that want that service, and provide a layer above transport
> to manage the mappings.

My current idea puts it at the resolver level.
The application gets the 128-bit identifier, which actually is
an IPv6 address, either given out from a special registry or
simply from a /48 that is already assigned to you. This address
can be used for both routing and identification purposes and can
easily be assigned to hosts by using RA.

The stack/API then maintains a list of routing IPs that are
associated with that "IdentifierIP" and then replaces it before it
enters the network with the routing IP that is to be used for
actually routing the packet. On initial communication there could
be an extra header sent along which says "this packet originates
from this Identifier IP" along with a signature, verifiable through
e.g. DNS to check it is really it. HIP is much further there though.

This way apps don't need to know about it, they only need to know
about IPv6.
One could also pass this along to IPv4 except then it needs an extra
magic packet for the IDIP. See HIP again.

And I am thinking about using the above for solving a little
problem for dynamic hosts in the SixXS project.

Greets,
 Jeroen

-----BEGIN PGP SIGNATURE-----
Version: Unfix PGP for Outlook Alpha 13 Int.
Comment: Jeroen Massar / jeroen@unfix.org / http://unfix.org/~jeroen/

iQA/AwUBP0znSSmqKFIzPnwjEQJiqACfem9Xk2LFRgFNM/wb67MXSmO4UEUAoJla
C7Xsb0R5XDzB2qC900ki1SUx
=I6ut
-----END PGP SIGNATURE-----