Subject: Re: IPv6 Router Renumbering
To: None <>
From: Feico Dillema <>
List: current-users
Date: 07/17/2000 18:54:09
On Tue, Jul 18, 2000 at 01:02:54AM +0900, wrote:
> 	receiver side code: in usr.sbin/rtadvd (need -R to enable it)
> 	sender side code: compile kame rrenumd, should need no modification
Ok, thanks.

> 	again, it is next  to impossible to configure it in secure manner,
> 	due to ipsec configuration twist (multicast ipsec is almost
> 	impractical, site-local IPv6 routing is also impractical, router
> 	renumbering requires BOTH!).  i just do not feel like putting it
> 	into the tree.
Ah, I didn't know (remember) that it depended on site-local routing.
That sounds bad to me too; there isn't much consenses on the
site-local routing issue in the IETF groups yet, or is there? 

Why is multicast ipsec impractical (never looked at it, so am
ignorant on it). Is it a configuration nightmare (is it fundamentally
different than for unicast IPSEC?), or is it impractical
from a security perspective (one compromised router, compromises all
kinda thing?). Wouldn't it be feasible to have a renumbering protocol 
based on global-address unicast only. It may be a bit less functional,
but more practical and I'd think sufficient for *re*-numbering
(instead of also for bootstrap auto-configuration).