Re: Machine Identity

Miika Komu <miika@iki.fi> Tue, 26 February 2008 22:28 UTC

Return-Path: <discuss-bounces@ietf.org>
X-Original-To: ietfarch-discuss-archive@core3.amsl.com
Delivered-To: ietfarch-discuss-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 0FD1728C460; Tue, 26 Feb 2008 14:28:51 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.739
X-Spam-Level:
X-Spam-Status: No, score=-4.739 tagged_above=-999 required=5 tests=[AWL=1.860, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id L3Fwc+UeFSO2; Tue, 26 Feb 2008 14:28:50 -0800 (PST)
Received: from core3.amsl.com (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id D70A83A67E7; Tue, 26 Feb 2008 14:28:50 -0800 (PST)
X-Original-To: discuss@core3.amsl.com
Delivered-To: discuss@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id ED3553A6878 for <discuss@core3.amsl.com>; Tue, 26 Feb 2008 14:28:49 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0DL8sUS11XqY for <discuss@core3.amsl.com>; Tue, 26 Feb 2008 14:28:49 -0800 (PST)
Received: from twilight.cs.hut.fi (twilight.cs.hut.fi [130.233.40.5]) by core3.amsl.com (Postfix) with ESMTP id E451C3A67E7 for <discuss@apps.ietf.org>; Tue, 26 Feb 2008 14:28:48 -0800 (PST)
Received: by twilight.cs.hut.fi (Postfix, from userid 60001) id CF4D72DEC; Wed, 27 Feb 2008 00:28:41 +0200 (EET)
X-Spam-Niksula: No
Received: from kekkonen (kekkonen.cs.hut.fi [130.233.41.50]) by twilight.cs.hut.fi (Postfix) with ESMTP id 5521B2DDF; Wed, 27 Feb 2008 00:28:40 +0200 (EET)
Date: Wed, 27 Feb 2008 00:28:40 +0200 (EET)
From: Miika Komu <miika@iki.fi>
X-X-Sender: mkomu@kekkonen.cs.hut.fi
To: Stephane Bortzmeyer <bortzmeyer@nic.fr>
Subject: Re: Machine Identity
In-Reply-To: <20080226142754.GA12093@nic.fr>
Message-ID: <Pine.SOL.4.64.0802270013060.16365@kekkonen.cs.hut.fi>
References: <20080226130527.GA1404@generic-nic.net> <47C4101B.6050206@spaghetti.zurich.ibm.com> <20080226142754.GA12093@nic.fr>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
Cc: discuss@apps.ietf.org, Jeroen Massar <jeroen@unfix.org>, apps-discuss@ietf.org
X-BeenThere: discuss@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: general discussion of application-layer protocols <discuss.ietf.org>
List-Unsubscribe: <http://www.ietf.org/mailman/listinfo/discuss>, <mailto:discuss-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:discuss@ietf.org>
List-Help: <mailto:discuss-request@ietf.org?subject=help>
List-Subscribe: <http://www.ietf.org/mailman/listinfo/discuss>, <mailto:discuss-request@ietf.org?subject=subscribe>
Sender: discuss-bounces@ietf.org
Errors-To: discuss-bounces@ietf.org

On Tue, 26 Feb 2008, Stephane Bortzmeyer wrote:

Hi,

> On Tue, Feb 26, 2008 at 02:11:55PM +0100,
> Jeroen Massar <jeroen@unfix.org>; wrote
> a message of 47 lines which said:
>
>> IMHO HIP (RFC4423) is that exact identity layer
>
> I feel the same way but it does not seem that HIP interests many
> people?

_o/

>> The big problem though is that actually getting programs to use this
>> is cumbersome, simply because a lot of programmers don't know about
>> it.
>
> Via draft-ietf-hip-native-api? How many implementation? How could I
> use it on a machine which has no HIP in its kernel?

Yes, the native API is an explicit way of using HIP:

http://www.ietf.org/internet-drafts/draft-ietf-hip-native-api-04.txt

Fortunately, also legacy applications can also use HIP:

http://www.ietf.org/internet-drafts/draft-ietf-hip-applications-02.txt

While waiting for changes to libc, the DNS interaction can be accomplished 
by running a DNS proxy in the localhost that can do the HIP magic. The 
kernel support for the new beet mode is not mandatory because it can be 
implemented in userspace using tun/tap devices like OpenHIP does it 
already. Our project (InfraHIP) has contributed already the kernel patches 
to the Linux kernel and half of them have been accepted.

-- 
Miika Komu                                       http://www.iki.fi/miika/