Re: [dhcwg] DUID on a Virtual Host

Ted Lemon <Ted.Lemon@nominum.com> Fri, 02 March 2007 00:58 UTC

On Mar 1, 2007, at 5:45 PM, David W. Hankins wrote:
> It would be perfectly acceptable to use a derivative of a key as a
> DUID.  If you actually wanted to make use of the key of course,
> in authentication or encryption or what have you, there would need
> to be some additional mechanism to transfer its content.

No, we didn't agree on that.   You assert that the key is unique, and  
that therefore the fingerprint (derivative) is unique, but in fact  
nothing of the sort is true - the only reason the fingerprint works  
as an identifier is that there are additional disambiguation  
mechanisms that (a) make the likelihood of an undetected collision  
acceptably small and (b) provide a path for both detecting and  
dealing with a collision.   Unfortunately, these mechanisms require  
the intervention of an intelligent agent (a person) and can't really  
be automated in the way you're suggesting.


