Re: Machine Identity

Keith Moore <moore@network-heretics.com> Tue, 26 February 2008 16:24 UTC

Message-ID: <47C43D24.6070006@network-heretics.com>
Date: Tue, 26 Feb 2008 11:24:04 -0500
From: Keith Moore <moore@network-heretics.com>
To: Jeroen Massar <jeroen@unfix.org>
Subject: Re: Machine Identity
References: <20080226130527.GA1404@generic-nic.net> <47C4101B.6050206@spaghetti.zurich.ibm.com>
In-Reply-To: <47C4101B.6050206@spaghetti.zurich.ibm.com>
Cc: discuss@apps.ietf.org


Jeroen Massar wrote:
> Stephane Bortzmeyer wrote:
> [..]
>> There are solutions for some protocols (SSH keys of RFC 4251 or Host
>> Identifiers of HIP in RFC 4423 are two good examples) but no general
>> "identity layer" in the Internet architecture.
> 
> IMHO HIP (RFC4423) is that exact identity layer and additionally solves 
> a number of other issues that it was made for.
> 
> The big problem though is that actually getting programs to use this is 
> cumbersome, simply because a lot of programmers don't know about it.

I like HIP.  But if there is any OS that ships with HIP support, I 
haven't heard about it.  And as soon as we get a "machine identity" I 
suspect we'll realize that what people want to identify isn't exactly a 
"machine" anymore.

> Same goes for the use of SRV records, IMHO, instead of pointing to AAAA/A 
> records for a service, one should *always* use SRV records.

NO.  SRV records can only be used with applications that are specified 
to use SRV records - otherwise you'll break compatibility with legacy 
applications.  And there are very few of these.

> SRV records solve load balancing, failover and a lot of other issues 
> mostly already in DNS.

Yeah, and they create a tussle between DNS operators and users.

> Web browsers for instance don't do SRV yet. One of their arguments is 
> 'lookup time', the same reason that some 'webdevelopers' used IP 
> addresses in their websites as that would skip the resolving step...
> 
> This is more about educating programmers than anything else...

Seems like IETFers need education at least as much as programmers do...

Keith
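The load balancing and failover that the thread attributes to SRV records come from the priority and weight fields defined in RFC 2782. As an added example (not code from the thread or from any participant), this Python implements that client-side target selection over a constructed record set for a hypothetical `_imap._tcp.example.com` service; the record values and the reachability predicate are assumptions for illustration.

```python
import random
from collections import namedtuple

# Constructed sample RRset for _imap._tcp.example.com (not real DNS data):
# two primaries sharing load 60/40 at priority 10, one backup at priority 20.
SRVRecord = namedtuple("SRVRecord", "priority weight port target")

SAMPLE_RRSET = [
    SRVRecord(10, 60, 993, "imap1.example.com."),
    SRVRecord(10, 40, 993, "imap2.example.com."),
    SRVRecord(20, 0, 993, "imap-backup.example.com."),
]


def order_srv(rrset, rng=random):
    """Return records in the order a client should try them (RFC 2782).

    Lower priority values are tried first, so a higher-priority group only
    acts as failover.  Within a priority group, weighted random selection
    spreads load; weight-0 records are moved to the front so they are chosen
    only when the random pick is 0 (rare unless every weight is 0).
    """
    ordered = []
    for prio in sorted({r.priority for r in rrset}):
        group = [r for r in rrset if r.priority == prio]
        group.sort(key=lambda r: r.weight != 0)  # weight 0 first, stable
        while group:
            total = sum(r.weight for r in group)
            pick = rng.randint(0, total)  # inclusive, as RFC 2782 describes
            running = 0
            for i, rec in enumerate(group):
                running += rec.weight
                if running >= pick:
                    ordered.append(group.pop(i))
                    break
    return ordered


def choose_target(rrset, is_reachable, rng=random):
    """Walk the RFC 2782 order and return the first (target, port) that answers.

    is_reachable is a caller-supplied predicate (e.g. a TCP connect attempt);
    returning None means every target in every priority group failed.
    """
    for rec in order_srv(rrset, rng):
        if is_reachable(rec.target):
            return rec.target, rec.port
    return None


if __name__ == "__main__":
    for rec in order_srv(SAMPLE_RRSET):
        print(rec.priority, rec.weight, rec.target)
```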