Re: [nbs] NBS and TCP connection identification

Rémi Després <remi.despres@free.fr> Thu, 14 October 2010 07:11 UTC

Return-Path: <remi.despres@free.fr>
X-Original-To: nbs@core3.amsl.com
Delivered-To: nbs@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id E01883A6778 for <nbs@core3.amsl.com>; Thu, 14 Oct 2010 00:11:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.497
X-Spam-Level:
X-Spam-Status: No, score=-0.497 tagged_above=-999 required=5 tests=[AWL=-0.407, BAYES_20=-0.74, HELO_EQ_FR=0.35, MIME_8BIT_HEADER=0.3]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id X77oc2xLqeoy for <nbs@core3.amsl.com>; Thu, 14 Oct 2010 00:11:03 -0700 (PDT)
Received: from smtp23.services.sfr.fr (smtp23.services.sfr.fr [93.17.128.20]) by core3.amsl.com (Postfix) with ESMTP id 1A0A13A63EC for <nbs@ietf.org>; Thu, 14 Oct 2010 00:11:03 -0700 (PDT)
Received: from filter.sfr.fr (localhost [127.0.0.1]) by msfrf2309.sfr.fr (SMTP Server) with ESMTP id 3467D7000081; Thu, 14 Oct 2010 09:12:21 +0200 (CEST)
Received: from [192.168.0.20] (per92-10-88-166-221-144.fbx.proxad.net [88.166.221.144]) by msfrf2309.sfr.fr (SMTP Server) with ESMTP id E30BA7000088; Thu, 14 Oct 2010 09:12:20 +0200 (CEST)
X-SFR-UUID: 20101014071220930.E30BA7000088@msfrf2309.sfr.fr
Mime-Version: 1.0 (Apple Message framework v1081)
Content-Type: text/plain; charset=iso-8859-1
From: =?iso-8859-1?Q?R=E9mi_Despr=E9s?= <remi.despres@free.fr>
In-Reply-To: <C0F28CE9-B47D-416A-907D-394AC2FAF487@ericsson.com>
Date: Thu, 14 Oct 2010 09:12:19 +0200
Content-Transfer-Encoding: quoted-printable
Message-Id: <0631EE7A-FC0D-4130-AC87-397299CA4594@free.fr>
References: <4C97D9A8.2050001@oracle.com> <ACE9611A-9107-46EC-ADD2-56E553DC1C3A@ericsson.com> <4C9826D0.2060703@oracle.com> <1285067950.2068.59.camel@bit> <4C98D525.1030808@oracle.com> <DC2EB1A1-B9BE-49B0-B443-B513873B9AF2@ericsson.com> <EBB53DE6-2EEB-43C2-9451-0A38EBD10BAA@free.fr> <CD376A37-C756-47E5-BBC7-205595F523AB@ericsson.com> <C3056CB3-DDD3-4B13-A80F-552350031FEF@free.fr> <C0F28CE9-B47D-416A-907D-394AC2FAF487@ericsson.com>
To: Christian Vogt <christian.vogt@ericsson.com>
X-Mailer: Apple Mail (2.1081)
Cc: "nbs@ietf.org" <nbs@ietf.org>
Subject: Re: [nbs] NBS and TCP connection identification
X-BeenThere: nbs@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Name based sockets discussion list <nbs.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/nbs>, <mailto:nbs-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/nbs>
List-Post: <mailto:nbs@ietf.org>
List-Help: <mailto:nbs-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nbs>, <mailto:nbs-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 14 Oct 2010 07:11:05 -0000

Christian,

The semantics of the IP address at the socket API can, and IMHO should, remain unchanged during the connection.
I see no need to invent synthetic names just for the application to be able to find again the initial address.
If the name of the connection initiator is not given received in the connection-accepting host, this one should not accept the connection if it imposes to have the initiator's name (one that can be checked in the DNS).

Regards,
RD 

Le 12 oct. 2010 à 18:58, Christian Vogt a écrit :

> 
> You wrote:
> 
>>> Needless to say, if the initiator does not provide a name -- e.g., because it does not have a name registered in the DNS --, the responder would generate a name for the initiator based on the initiator's IP address.  Such a "synthesized" name does not have to be verified; it already provides the same level of security that we have today.
>> 
>> It isn't clear to me that synthesized names are needed. 
>> NBS APIs could instead continue to provide, in their binary format, addresses found in session originating packets, and let application ignore them if they aren't interested.
> 
> Remi:
> 
> The reason why I think we do need synthesized names is because of their semantics:  They name the host that was located at the encoded IP address at the time of session initiation.  Unlike the semantics of an IP address, which can name the host that /currently/ is located at the address, a synthesized name could be stable across a session.

> 
> Does this make sense?
> 
> - Christian
>