RE: [ipv6-wg@ripe.net] IPv6, future internet, hierarchy
Christian,
Michel Py: No we *don't*. The IETF standards are decided by consensus, and the IID bits are not yours to play with for routing purposes. There are other legitimate uses for these 64 bits, such as embedding some crypto in the IID or privacy extensions.
Christian Schild wrote: please, we are talking about point-to-point links here. Michel, what you say (and what is written in the draft) is perfectly reasonable, when thinking about a 'real' link. I think a PtP link is some kind of an exception. There is nothing 'inside' a PtP link, just a source and a destination. The only reason to use a subnet for such a link, is a better management. So why should a piece of software or a software developer rely on the fact, that there is a /64 on a PtP link. Again, it is correct to expect this from a usual link, but not from a PtP link.
I don't agree. Look at a supposedly private cross-country frame-relay link. It _appears_ to be a point-to-point link. From the router's standpoint, you don't know if there's one frame-relay switch between you and the other end, or twenty; you don't know if traffic stays within the frame-relay cloud or is tunneled into IP or carried over ATM. You don't even know how many carriers are involved. It's not a lot more secure than going over the public internet and if you are security conscious you will encrypt end-to-end traffic and use the BGP MD5 option. These ptp links are the exact target of work being done that include things such as embedding the crypto key or part of it in the MAC address. Michel.
How did security end up in this thread? We are talking about numbering p-t-p links...

- kurtis -
participants (2)
- Kurt Erik Lindqvist
- Michel Py