Subject: Re: IPv6 Router Renumbering
To: None <firstname.lastname@example.org>
From: Feico Dillema <email@example.com>
Date: 07/17/2000 18:54:09

On Tue, Jul 18, 2000 at 01:02:54AM +0900, firstname.lastname@example.org wrote:
> receiver side code: in usr.sbin/rtadvd (need -R to enable it)
> sender side code: compile kame rrenumd, should need no modification
> again, it is next to impossible to configure it in secure manner,
> due to ipsec configuration twist (multicast ipsec is almost
> impractical, site-local IPv6 routing is also impractical, router
> renumbering requires BOTH!). i just do not feel like putting it
> into the tree.

Ah, I didn't know (remember) that it depended on site-local routing.
That sounds bad to me too; there isn't much consensus on the
site-local routing issue in the IETF groups yet, or is there?
Why is multicast ipsec impractical (never looked at it, so am
ignorant on it)? Is it a configuration nightmare (is it fundamentally
different than for unicast IPSEC?), or is it impractical
from a security perspective (one compromised router, compromises all
kinda thing?). Wouldn't it be feasible to have a renumbering protocol
based on global-address unicast only? It may be a bit less functional,
but more practical and I'd think sufficient for *re*-numbering
(instead of also for bootstrap auto-configuration).