who gets a /32 [Re: IPV6 renumbering painless?]

> > none of those three things is acceptable, not even as a compromise.
>
> The current solution I see for this is still IPv6. Except that one moves
> the complete 'Independence' problem a layer higher. Enter:
>
> HIP: Host Identity Protocol:
> Host Identity Protocol (hip)

this level of complexity seems a little high for anything to be universal.
(let me put it this way: A6/DNAME was shot down because of complexity, and
it was simpler than this.)

> > > none of those three things is acceptable, not even as a compromise.
> >
> > The current solution I see for this is still IPv6. Except that one moves
> > the complete 'Independence' problem a layer higher. Enter:
> >
> > HIP: Host Identity Protocol:
> > Host Identity Protocol (hip)
>
> this level of complexity seems a little high for anything to be universal.

It depends all on what one wants, either one gets a lot of routes and
thus what we currently have in IPv4 or it is done completely different,
like that. As for it not being universal, there are quite a number of
working implementation already that seem to be proven to work quite
reliable. One of the alternatives of course is something similar as
MIPv6 etc.

> (let me put it this way: A6/DNAME was shot down because of complexity, and
> it was simpler than this.)

Wasn't it more because a single A6 lookup could cause one (the resolver
that is ;) to have to follow an overly long chain of A6/DNAME chains,
which thus could cause maybe somewhat infinite lookups?

I rather like DNAME btw: "ip6.int DNAME ip6.arpa", which works quite
fine. A6 is fortunately not supported any more by BIND.

> 1. A6/DNAME were a great idea, I'm really disappointed they are not going
>    forward...

It is, except maybe for the above noted 'problem'. Most of the time though
a site will have only a limited number of DNS servers, thus A6/DNAME would
be on the same server and the administrator could IMHO quite easily do the
simple replace trick on the configuration.

> 2. Level of complexity is a very relative thing. To me the important thing is
>    not to overwhelm any single protocol and allow clear separation between
>    different levels. In that sense if we actually are able to create a new
>    "host identity" layer we can solve the problem with not only dynamically
>    changing IP addresses but with simplified multihoming for end-user
>    sites.

For most people on this globe the concept of 'IP' or even the phone system
is already magic :) Depends a bit on who looks at it.

>    What is bad however is that IETF instead of pursuing it as
>    one effort has several of them including MULTI6, HIP, etc.

The fun of politics ;)

>    BTW - regarding why these efforts while being IP-independent would not
>    work for IPv6, the reason is addressing. We need new kinds of addresses
>    and they all require "id" that TCP can use for establishing connection
>    and that ID cannot be limited to 32 bits so we end up considering reusing
>    part of IPv6 space for this new kind of "non-ip" addresses. I think
>    given the large amount of available IPv6 space that is acceptable - if we
>    cut the pool to 1/4 we'd still have enough.

No issue there then now is there ;)

Greets,
Jeroen

1. A6/DNAME were a great idea, I'm really disappointed they are not going
   forward...

2. Level of complexity is a very relative thing. To me the important thing is
   not to overwhelm any single protocol and allow clear separation between
   different levels. In that sense if we actually are able to create a new
   "host identity" layer we can solve the problem with not only dynamically
   changing IP addresses but with simplified multihoming for end-user
   sites. What is bad however is that IETF instead of pursuing it as
   one effort has several of them including MULTI6, HIP, etc.

   BTW - regarding why these efforts while being IP-independent would not
   work for IPv6, the reason is addressing. We need new kinds of addresses
   and they all require "id" that TCP can use for establishing connection
   and that ID cannot be limited to 32 bits so we end up considering reusing
   part of IPv6 space for this new kind of "non-ip" addresses. I think
   given the large amount of available IPv6 space that is acceptable - if we
   cut the pool to 1/4 we'd still have enough.

>    BTW - regarding why these efforts while being IP-independent would not
>    work for IPv6, the reason is addressing. We need new kinds of addresses
>    and they all require "id" that TCP can use for establishing connection
>    and that ID cannot be limited to 32 bits so we end up considering reusing
>    part of IPv6 space for this new kind of "non-ip" addresses. I think
>    given the large amount of available IPv6 space that is acceptable - if we
>    cut the pool to 1/4 we'd still have enough.

Correcting myself... It's not that you cannot use multi6 with IPv4 - you
can but your IP stack will need to be IPv6 capable in order to do it and
programs and services should be prepared to deal with 128-bit addresses for
TCP/UDP connections. So an upgrade to support IPv6 will still be necessary,
but it's not a requirement to actually run an IPv6 network. Of course to
support something like HIP or Multi6 you will need yet another upgrade to
your IP stack and we really should have been pushing these upgrades
together with IPv6 itself.

jeroen@unfix.org (Jeroen Massar) wrote:

> > > The current solution I see for this is still IPv6. Except that one moves
> > > the complete 'Independence' problem a layer higher. Enter:
> > >
> > > HIP: Host Identity Protocol:
> > > Host Identity Protocol (hip)
> >
> > this level of complexity seems a little high for anything to be universal.
>
> It depends all on what one wants, either one gets a lot of routes and
> thus what we currently have in IPv4 or it is done completely different,
> like that.

That's the point of view of an Internet technician (ok, who's on this list,
after all...). It is not the point of a user, a manager or a corporation.

HIP is too complicated, it relies on too many parts. It will never be used
widely, unless someone finds a way to _entirely_ hide it from the end-user.
I cannot see a way to do that, starting with the certificates and for a
long time not ending with server and client implementations.

It is nice in theory, it streamlines protocol interaction, adds security,
makes you mobile, but it uses too many parts in complex interconnection.

I consider it impractical on the large, although it may fit the bill for
small, technically-oriented user groups.

Elmar.

> > > > The current solution I see for this is still IPv6. Except that one moves
> > > > the complete 'Independence' problem a layer higher. Enter:
> > > >
> > > > HIP: Host Identity Protocol:
> > > > Host Identity Protocol (hip)
> > >
> > > this level of complexity seems a little high for anything to be universal.
> >
> > It depends all on what one wants, either one gets a lot of routes and
> > thus what we currently have in IPv4 or it is done completely different,
> > like that.
>
> That's the point of view of an Internet technician (ok, who's on this list,
> after all...). It is not the point of a user, a manager or a corporation.

I am actually a user, though I tend to try to solve the problems I come
across when wanting to do something from a variety of perspectives, all
of which you mentioned above and probably a lot more.

> HIP is too complicated, it relies on too many parts. It will never be used
> widely, unless someone finds a way to _entirely_ hide it from the end-user.
> I cannot see a way to do that, starting with the certificates and for a
> long time not ending with server and client implementations.

Does Jane Doe even know that DNS exists? No, they go to Wal-Mart or so,
get themselves a computer ("expensive toy with a lotttt of buttons"),
because that, just like a phone, is used to communicate to other people,
or a tv to look at pretty things ("Tell Sell made interactive!"), they
plug it into that cable coming out of the wall, or most of the time let
some 'engineer' ("that creepy fellow that came only after I called them
a lot of times when they finally came around") 'install' it. Then Jane
can press that round button and using that thing they call a mouse ("I
have to press the eyes and the tail is on the wrong side"). MSN or
whatever that came pre-installed pops up and gives them some default
links. Most of them don't even know they can *type* URLs.... let alone
that they are called URLs or that they form a hierarchy... they really
don't care about DNS and they also do not want to know.

As for your 'certificates' part, never used http://www.bank.com ? :)
They come pre-installed. 25 years ago you didn't get a computer with a
pre-installed browser (they didn't exist), that might take time, but it
will come hopefully.

That something at this moment doesn't look viable or far in the future
doesn't mean one must simply throw it away...

Btw... the funniest part about most people who say they 'multihome' is
always that they have quite a number of SPOFs in their 'network' ;)

Greets,
Jeroen
