Re: [nemo] Re: don't deprecate DHAAD

Alexandru Petrescu <alexandru.petrescu@motorola.com> Thu, 16 March 2006 17:48 UTC

Message-ID: <4419A4F4.6070306@motorola.com>
Date: Thu, 16 Mar 2006 18:48:36 +0100
From: Alexandru Petrescu <alexandru.petrescu@motorola.com>
User-Agent: Thunderbird 1.5 (Windows/20051201)
MIME-Version: 1.0
To: Francis Dupont <Francis.Dupont@point6.net>
Subject: Re: [nemo] Re: don't deprecate DHAAD
References: <200603101809.k2AI9mlF051322@givry.rennes.enst-bretagne.fr>
In-Reply-To: <200603101809.k2AI9mlF051322@givry.rennes.enst-bretagne.fr>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: nemo@ietf.org
Precedence: list
Errors-To: nemo-bounces@ietf.org

Francis Dupont wrote:
>  In your previous mail you wrote:
> 
>    > [...] and there has also been a talk about deprecating DHAAD (I
>    > disagree with deprecating DHAAD).
>    
> => it seems it was a good idea to change the subject (:-)
> 
>    I disagree too with deprecating DHAAD.
>    
> => there are two basic issues with DHAAD:
>  - the needed function is more HA assignment than HA discovery.

I don't see the difference (?).

>  - the current anycast DHAAD mechanism can't be made secure.
> Please note the current DHAAD is optional.

And if the "anycast" part is removed from the DHAAD mechanism 
altoghether then it would become more securisable, I believe.

>    I think there is one draft dhaad-harmful.
>    
> => yes, I am its editor. The proposal is to switch to the DNS SRV RR
> from the bootstrapping DT. BTW I believe it is useful to work on
> all kinds of HA switching mechanisms too.

This may bind an IP discovery mechanism to the existence of above IP 
(DNS) data presence.  It seems unreal for the IP discovery mechanism to 
need level-7 data be present.  In a similar mechanism which is DHCP, 
discovery works ok without DNS data being present, and the DNS data can 
be updated by DHCP after it has finished its discovery phase.

>    But there is draft-arkko-mip6-3775bis-ndmobext-00 which clearly mentions
>    the HA list and it being maintained by DHAAD.
>    
> => is your argument about the function or about the mechanism?

I am not sure I understand the difference between "function" and 
"mechanism" in this context.

>    There is at least one implementation of non-anycast DHAAD which works 
>    just fine (although not yet secure).
>    
> => this comment suggests the function.

I suggest that there is at least one implementation with rfc3775 DHAAD 
messaging (RAs and DHAAD) that works just fine.  It's true that it uses 
"anycast"-format addresses.  But these addresses get no special 
"anycast" treatment by the stack.  It's just that the dedicated 
"anycast" address is assigned to several same-link HAs and all the HAs 
receive the DHAAD Request.  However, only one HA replies back.

Alex

[nemo] I-D ACTION:draft-ietf-nemo-dhcpv6-pd-01.txt Internet-Drafts
Re: [nemo] I-D ACTION:draft-ietf-nemo-dhcpv6-pd-0… Vijay Devarapallli
RE: [nemo] I-D ACTION:draft-ietf-nemo-dhcpv6-pd-0… Pascal Thubert (pthubert)
Re: [nemo] I-D ACTION:draft-ietf-nemo-dhcpv6-pd-0… Vijay Devarapallli
[nemo] Re: don't deprecate DHAAD (was: I-D ACTION… Alexandru Petrescu
Re: [nemo] Re: don't deprecate DHAAD (was: I-D AC… Francis Dupont
Re: [nemo] Re: don't deprecate DHAAD Alexandru Petrescu
Re: [nemo] Re: don't deprecate DHAAD Francis Dupont
Re: [nemo] Re: don't deprecate DHAAD Alexandru Petrescu
Re: [nemo] Re: don't deprecate DHAAD Francis Dupont