Service Identity (Re: Machine Identity)
Jeroen Massar <jeroen@unfix.org> Thu, 28 February 2008 13:46 UTC
Return-Path: <discuss-bounces@ietf.org>
X-Original-To: ietfarch-discuss-archive@core3.amsl.com
Delivered-To: ietfarch-discuss-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 3BCF73A6EAF; Thu, 28 Feb 2008 05:46:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[AWL=-0.000, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Kb-actNtDIvW; Thu, 28 Feb 2008 05:46:36 -0800 (PST)
Received: from core3.amsl.com (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 0F1C13A6E95; Thu, 28 Feb 2008 05:46:36 -0800 (PST)
X-Original-To: discuss@core3.amsl.com
Delivered-To: discuss@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id CBF623A6E95 for <discuss@core3.amsl.com>; Thu, 28 Feb 2008 05:46:34 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DFTBF1Zm719x for <discuss@core3.amsl.com>; Thu, 28 Feb 2008 05:46:31 -0800 (PST)
Received: from abaddon.unfix.org (abaddon.unfix.org [194.1.163.39]) by core3.amsl.com (Postfix) with ESMTP id A95093A6B95 for <discuss@apps.ietf.org>; Thu, 28 Feb 2008 05:46:30 -0800 (PST)
Received: from [IPv6:2001:41e0:ff42:b00:216:cfff:fe00:e7d0] (spaghetti.ch.unfix.org [IPv6:2001:41e0:ff42:b00:216:cfff:fe00:e7d0]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: jeroen) by abaddon.unfix.org (Postfix) with ESMTPSA id C820C40202D; Thu, 28 Feb 2008 14:41:19 +0100 (CET)
Message-ID: <47C6BA02.9090000@spaghetti.zurich.ibm.com>
Date: Thu, 28 Feb 2008 14:41:22 +0100
From: Jeroen Massar <jeroen@unfix.org>
Organization: Unfix
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.12) Gecko/20080213 Thunderbird/2.0.0.12 Mnenhy/0.7.5.666
MIME-Version: 1.0
To: Balazs Lengyel <balazs.lengyel@ericsson.com>
Subject: Service Identity (Re: Machine Identity)
References: <20080226130527.GA1404@generic-nic.net> <20080228112318.GA23196@nic.fr> <20080228114656.GD8439@elstar.local> <Pine.SOL.4.64.0802281405360.10117@kekkonen.cs.hut.fi> <20080228124038.GA8852@elstar.local> <47C6B37F.2050505@ericsson.com>
In-Reply-To: <47C6B37F.2050505@ericsson.com>
X-Enigmail-Version: 0.95.6
OpenPGP: id=333E7C23
Content-Type: multipart/signed; micalg="pgp-sha1"; protocol="application/pgp-signature"; boundary="------------enig886B0A44846D6266E43E6055"
X-Virus-Scanned: ClamAV version 0.92.1, clamav-milter version 0.92.1 on abaddon.unfix.org
X-Virus-Status: Clean
Cc: discuss@apps.ietf.org
X-BeenThere: discuss@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: general discussion of application-layer protocols <discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/discuss>, <mailto:discuss-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:discuss@ietf.org>
List-Help: <mailto:discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/discuss>, <mailto:discuss-request@ietf.org?subject=subscribe>
Sender: discuss-bounces@ietf.org
Errors-To: discuss-bounces@ietf.org
Balazs Lengyel wrote: > IMHO virtualization, and programs like VmWare are one example where it > is hard to say what are you trying to identify. The physical box or the > virtual machine? One should identify the *service* That solves all the issues mentioned here. The service could be "your p2p app" but also "HTTP host a.example.com" or "HTTP host b.example.com" etc. SSH Keys are a good example of this, they identify the SSH service. You can find that service on IPv4 port 22 and IPv6 port 22, maybe on different other IP addresses or other port numbers. Everytime you connect to that service, you can communicate with it using the same public key, as it's private key remains the same. Now if another SSH service steals the IP address or port number, you will get a different key to talk with. Solving this with HIP, but instead of "Host" making it "Service" based would be great. Note that a lot of virtualization is service based, not really host based. For that matter, the larger sites actually only care about services: deploy 1000 HTTP proxies for site X, deploy 1000 crawler bots for purpose Z etc. They really can't care less about the host itself, that is just a place where the service runs. Greets, Jeroen
- Re: Machine Identity Dave Crocker
- Machine Identity Stephane Bortzmeyer
- Re: Machine Identity Jeroen Massar
- Re: Machine Identity Stephane Bortzmeyer
- Re: Machine Identity der Mouse
- Re: Machine Identity Stephane Bortzmeyer
- Re: Machine Identity Keith Moore
- Re: Machine Identity der Mouse
- Re: Machine Identity Dave Crocker
- Re: Machine Identity Keith Moore
- Re: Machine Identity Keith Moore
- Re: Machine Identity Dave Crocker
- Re: Machine Identity Dave Crocker
- Re: Machine Identity Keith Moore
- Re: Machine Identity Miika Komu
- Re: Machine Identity Stephane Bortzmeyer
- Re: Machine Identity Juergen Schoenwaelder
- Re: Machine Identity Miika Komu
- Re: Machine Identity Juergen Schoenwaelder
- Re: Machine Identity Balazs Lengyel
- Re: Machine Identity Miika Komu
- Service Identity (Re: Machine Identity) Jeroen Massar
- RE: Service Identity (Re: Machine Identity) David Harrington
- Re: Service Identity (Re: Machine Identity) Jeroen Massar
- Re: Machine Identity Stephane Bortzmeyer
- Re: Machine Identity Dave Crocker
- Re: Service Identity (Re: Machine Identity) Juergen Schoenwaelder
- Re: Machine Identity Stephane Bortzmeyer
- Re: Machine Identity Stephane Bortzmeyer
- Re: Machine Identity Jeroen Massar
- Re: Service Identity (Re: Machine Identity) Jeroen Massar
- Re: Machine Identity Stephane Bortzmeyer
- Re: Machine Identity Jeroen Massar
- Re: Machine Identity Miika Komu
- Re: Machine Identity Dave Crocker
- Re: Machine Identity Dave Crocker
- Re: Machine Identity Frank Ellermann
- Re: Machine Identity Jeroen Massar
- Re: Machine Identity der Mouse
- Re: Service Identity (Re: Machine Identity) Dave Crocker