Re: [shim6] I-D Action:draft-xu-name-shim6-00.txt

Brian E Carpenter <brian.e.carpenter@gmail.com> Sun, 17 October 2010 04:04 UTC

Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: shim6@core3.amsl.com
Delivered-To: shim6@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id C10883A6984; Sat, 16 Oct 2010 21:04:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.404
X-Spam-Level:
X-Spam-Status: No, score=-102.404 tagged_above=-999 required=5 tests=[AWL=0.195, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gYPKoKsgl5ok; Sat, 16 Oct 2010 21:04:44 -0700 (PDT)
Received: from mail-yx0-f172.google.com (mail-yx0-f172.google.com [209.85.213.172]) by core3.amsl.com (Postfix) with ESMTP id AA9BF3A686B; Sat, 16 Oct 2010 21:04:44 -0700 (PDT)
Received: by yxk30 with SMTP id 30so1073583yxk.31 for <multiple recipients>; Sat, 16 Oct 2010 21:06:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from :organization:user-agent:mime-version:to:cc:subject:references :in-reply-to:content-type:content-transfer-encoding; bh=sEvVipZ6IRecXGFk3fOQnLtHA7qR7YCmyr3BUFzgQRI=; b=BrIBFeBnjxGzaA5r7YVshuLjv3qkojWzBdKCKt9mruHoeapLwAfqZGbm+HoyN6J1ny crr+kvJsvIBDHzunRmbFEhiP19X588hZcKWmhfBuqSA086llpovNkB8EB8dbgUkWmKAs mN+rHx5S8XB9NVkV1mgWKsKmthxrIIEpBDMcI=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:organization:user-agent:mime-version:to:cc :subject:references:in-reply-to:content-type :content-transfer-encoding; b=LLgVQ5nv958clw+XDE9x694rvOZh9PasXui0JtGThszZn+mL7zZhhU1f8c/1ByCC/m sR8M130yI87/MuFBhGPhzqHD3SnE3tV3dz+sNd90QWkHCuzYpDYE/aiqrL/yLrE1ekgb v4vcyZHYG1787KqSdSbmDU5tn//xydrnG13io=
Received: by 10.100.45.1 with SMTP id s1mr1429785ans.86.1287288369491; Sat, 16 Oct 2010 21:06:09 -0700 (PDT)
Received: from [10.1.1.4] ([121.98.142.15]) by mx.google.com with ESMTPS id d15sm19187985ana.20.2010.10.16.21.06.07 (version=SSLv3 cipher=RC4-MD5); Sat, 16 Oct 2010 21:06:08 -0700 (PDT)
Message-ID: <4CBA762D.5010506@gmail.com>
Date: Sun, 17 Oct 2010 17:06:05 +1300
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Organization: University of Auckland
User-Agent: Thunderbird 2.0.0.6 (Windows/20070728)
MIME-Version: 1.0
To: shim6-wg <shim6@ietf.org>
References: <20100917140002.065FD3A69D3@core3.amsl.com>
In-Reply-To: <20100917140002.065FD3A69D3@core3.amsl.com>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Cc: nbs@ietf.org
Subject: Re: [shim6] I-D Action:draft-xu-name-shim6-00.txt
X-BeenThere: shim6@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: SHIM6 Working Group Mailing List <shim6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/shim6>, <mailto:shim6-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/shim6>
List-Post: <mailto:shim6@ietf.org>
List-Help: <mailto:shim6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/shim6>, <mailto:shim6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 17 Oct 2010 04:04:45 -0000

> Abstract
> 
>    This document describes and defines shim6 as a mobility solution for
>    name-based sockets.  

My most general comment is that I think the draft should explain both
how NBS works in the original shim6 scenario (multihoming without
mobility) and then how it also works in the mobile case. I think
it's a very neat trick if it really does extend shim6 to support
mobility, but let's not forget the basics.

> 3.1.  Introduction
...
>    The traditional Shim6 defined in RFC5533 [RFC5533] does not aim to
>    solve mobility problem, so changes need to be made to the existing
>    Shim6 protocol.  One of the reasons for not supporting mobility is
>    that Shim6 uses a specific IP address as the identifier of the upper
>    lay protocol.  To avoid confusion, communication must be stopped when
>    this IP address becomes unavailable.  

Small but important change: unavailable ==> invalid. You say this correctly
later. "Unavailable" is confusing, since it might be understood to mean
"unreachable"; actually it's quite normal that the ULID goes unreachable.

> 4.1.1.  Brief overview of changes
...
>    Name Based Sockets suggest using the name of a host as the
>    identifier.  This solves the above problems, as a name is valid for
>    as long as a host wishes it to be. 

I don't think that's accurate. I think it would be accurate to
say "a name is valid for as long as it exists in the DNS."
If a name vanishes completely from the DNS, it seems that it is
just as invalid as an expired IP address; it is simply a much
rarer event.

On a related point, I think that you need a discussion somewhere
of the latency for DNS updates to propagate, and how that affects
the speed of recovery of a mobile connection. This point might
make or break this whole solution. If the time to get an updated
DNS RR is greater than the TCP session timeout, there's a problem.

> 5.  Security Considerations

The security of shim6 depends on using HBA/CGA addresses (including
the initial ULID). How do we get equivalent security here?
Is secure dynamic DNS update plus DNSSEC sufficient?

Regards
   Brian Carpenter