Re: Machine Identity

Jeroen Massar <jeroen@unfix.org> Tue, 26 February 2008 13:17 UTC

Return-Path: <discuss-bounces@ietf.org>
X-Original-To: ietfarch-discuss-archive@core3.amsl.com
Delivered-To: ietfarch-discuss-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 4F09B3A6839; Tue, 26 Feb 2008 05:17:52 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[AWL=-0.000, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cBhJXN49dx+6; Tue, 26 Feb 2008 05:17:52 -0800 (PST)
Received: from core3.amsl.com (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 195C428C205; Tue, 26 Feb 2008 05:17:52 -0800 (PST)
X-Original-To: discuss@core3.amsl.com
Delivered-To: discuss@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 4EA8728C2EF for <discuss@core3.amsl.com>; Tue, 26 Feb 2008 05:17:50 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ecIgjGqDMovj for <discuss@core3.amsl.com>; Tue, 26 Feb 2008 05:17:34 -0800 (PST)
Received: from abaddon.unfix.org (abaddon.unfix.org [194.1.163.39]) by core3.amsl.com (Postfix) with ESMTP id C94CA28C2FA for <discuss@apps.ietf.org>; Tue, 26 Feb 2008 05:17:03 -0800 (PST)
Received: from [IPv6:2001:41e0:ff42:b00:216:cfff:fe00:e7d0] (spaghetti.ch.unfix.org [IPv6:2001:41e0:ff42:b00:216:cfff:fe00:e7d0]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: jeroen) by abaddon.unfix.org (Postfix) with ESMTPSA id DF04740200F; Tue, 26 Feb 2008 14:11:53 +0100 (CET)
Message-ID: <47C4101B.6050206@spaghetti.zurich.ibm.com>
Date: Tue, 26 Feb 2008 14:11:55 +0100
From: Jeroen Massar <jeroen@unfix.org>
Organization: Unfix
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.9) Gecko/20071031 Thunderbird/2.0.0.9 Mnenhy/0.7.5.666
MIME-Version: 1.0
To: Stephane Bortzmeyer <bortzmeyer@nic.fr>
Subject: Re: Machine Identity
References: <20080226130527.GA1404@generic-nic.net>
In-Reply-To: <20080226130527.GA1404@generic-nic.net>
X-Enigmail-Version: 0.95.6
OpenPGP: id=333E7C23
Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="------------enig763525FBFA290276908F9B8A"
X-Virus-Scanned: ClamAV version 0.92.1, clamav-milter version 0.92.1 on abaddon.unfix.org
X-Virus-Status: Clean
Cc: discuss@apps.ietf.org
X-BeenThere: discuss@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: general discussion of application-layer protocols <discuss.ietf.org>
List-Unsubscribe: <http://www.ietf.org/mailman/listinfo/discuss>, <mailto:discuss-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:discuss@ietf.org>
List-Help: <mailto:discuss-request@ietf.org?subject=help>
List-Subscribe: <http://www.ietf.org/mailman/listinfo/discuss>, <mailto:discuss-request@ietf.org?subject=subscribe>
Sender: discuss-bounces@ietf.org
Errors-To: discuss-bounces@ietf.org

Stephane Bortzmeyer wrote:
[..]
> There are solutions for some protocols (SSH keys of RFC 4251 or Host
> Identifiers of HIP in RFC 4423 are two good examples) but no general
> "identity layer" in the Internet architecture.

IMHO HIP (RFC4423) is that exact identity layer and additionally solves 
a number of other issues that it was made for.

The big problem though is that actually getting programs to use this is 
cumbersome, simply because a lot of programmers don't know about it.

Same goes for the use of SRV records, IMHO, instead of point to AAAA/A 
records for a service, one should *always* use SRV records.

SRV records solve loadbalancing, failover and a lot of other issues 
mostly already in DNS.

Webbrowsers for instance don't do SRV yet. One of their arguments is 
'lookup time', the same reason that some 'webdevelopers' used IP 
addresses in their websites as that would skip the resolving step...

This is more about educating programmers than anything else...

Greets,
  Jeroen