Subject: Re: IPv6 Router Renumbering
To: None <itojun@iijlab.net>
From: Feico Dillema <feico@dillema.net>
List: current-users
Date: 07/18/2000 13:47:31
On Tue, Jul 18, 2000 at 06:20:34AM +0900, itojun@iijlab.net wrote:
> 	due to key distribution issue, you'd need to configure ipsec manual
> 	keys into all routers.
I don't see that as a serious problem for startup; some amount of
initial configuration needs to be performed for bootstrapping after
you unpack the box no matter what scheme you think of. The problem may be
that the one unpacking the box may not always be one you trust with
*the* key to your network infrastructure.

It is a major drawback for changing the key later to keep them fresh, 
or to deal with the case that you know or suspect that your current key 
has been compromised. A public key based scheme would be a lot nicer and
simpler to manage. Hmmm, maybe that would make a nice
student-assignment here ;).
> 	please speak up in ipngwg, i did not define it :-)
I'll dig up the draft again and try to think things over a bit and
maybe write some comments.

> 	if we use global unicast,
> 	(1) outsiders can transmit router renumbering command messages to you
To me, that's a non-issue really. You always have to assume they are
able to do that; either due to spoofing attacks or because one of your
hosts in the network has been compromised (which is often a near
trivial thing in a large network). So, relying on site-local
addressing only gives the illusion of added security, not much more.

> 	(2) during the renumbering process, you will remove global address
> 	    from ISP A and add one from ISP B.  if you remove A first,
> 	    you will be hosed (and it is possible to do)
Don't shoot yourself in the foot ;}. Proper use of lifetimes of
prefixes should help here though.

> 	(3) how can we maintain list of routers address?
I think that's an orthogonal problem to the protocol itself. Some piece
of network management software needs to be written that maintains the
network addressing plan and uses the protocol to propagate and
test updates into the network.

Feico.
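As an added illustration of the prefix-lifetime point made above (example code, not part of this thread): a small Python model of the per-prefix lifetimes hosts would hold after each router advertisement, using constructed RFC 3849 documentation prefixes. It flags the "remove A first" schedule, where hosts are left with no preferred prefix, and accepts one that adds B before deprecating A.

```python
from dataclasses import dataclass

@dataclass
class PrefixAdvert:
    prefix: str      # constructed documentation prefix (RFC 3849)
    at: int          # time (seconds) the RA carrying this option is sent
    preferred: int   # preferred lifetime in the option
    valid: int       # valid lifetime in the option

def prefix_state(adverts, now):
    """What hosts hold at `now`: {prefix: (preferred_until, valid_until)}.
    A later advertisement replaces the lifetimes learned earlier."""
    state = {}
    for a in sorted(adverts, key=lambda a: a.at):
        if a.at > now:
            break
        state[a.prefix] = (a.at + a.preferred, a.at + a.valid)
    return state

def usable_prefixes(adverts, now):
    """Prefixes still preferred (neither deprecated nor invalid) at `now`."""
    st = prefix_state(adverts, now)
    return sorted(p for p, (pu, vu) in st.items() if now < pu and now < vu)

def check_plan(adverts, horizon):
    """Walk the plan second by second; return the first instant at which
    hosts have no preferred prefix (the 'hosed' case), or None."""
    for t in range(horizon + 1):
        if not usable_prefixes(adverts, t):
            return t
    return None

A, B = "2001:db8:a::/48", "2001:db8:b::/48"   # constructed: ISP A, ISP B

# Mistake: deprecate A (preferred lifetime 0) before B is ever advertised.
BAD_PLAN = [
    PrefixAdvert(A, at=0,   preferred=3600, valid=7200),
    PrefixAdvert(A, at=600, preferred=0,    valid=7200),
    PrefixAdvert(B, at=900, preferred=3600, valid=7200),
]

# Overlap: B becomes preferred first, then A is deprecated but stays valid
# so existing connections on A-addresses keep working until it expires.
GOOD_PLAN = [
    PrefixAdvert(A, at=0,   preferred=3600, valid=7200),
    PrefixAdvert(B, at=300, preferred=3600, valid=7200),
    PrefixAdvert(A, at=600, preferred=0,    valid=7200),
]
```

The model covers only deprecation via the preferred lifetime; it does not implement the RFC 4862 rule that hosts refuse to cut an unauthenticated valid lifetime below two hours, which is one more reason to deprecate rather than abruptly invalidate the old prefix.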