Re: sockets APIs extensions for Host Identity Protocol
Miika Komu <miika@iki.fi> Fri, 11 May 2007 06:19 UTC
Return-path: <discuss-bounces@apps.ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1HmOTn-0005yI-Op; Fri, 11 May 2007 02:19:51 -0400
Received: from discuss by megatron.ietf.org with local (Exim 4.43) id 1HmOTm-0005yA-Ht for discuss-confirm+ok@megatron.ietf.org; Fri, 11 May 2007 02:19:50 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1HmOTm-0005y2-6P for discuss@apps.ietf.org; Fri, 11 May 2007 02:19:50 -0400
Received: from twilight.cs.hut.fi ([130.233.40.5]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1HmOTj-0006La-Mn for discuss@apps.ietf.org; Fri, 11 May 2007 02:19:50 -0400
Received: by twilight.cs.hut.fi (Postfix, from userid 60001) id C3A082D12; Fri, 11 May 2007 09:19:46 +0300 (EEST)
X-Spam-Checker-Version: SpamAssassin 3.2.0-niksula20070322 (2007-05-01) on twilight.cs.hut.fi
X-Spam-Level:
X-Spam-Status: No, score=0.0 required=5.0 tests=none autolearn=disabled version=3.2.0-niksula20070322
X-Spam-Niksula: No
Received: from kekkonen.cs.hut.fi (kekkonen.cs.hut.fi [130.233.41.50]) by twilight.cs.hut.fi (Postfix) with ESMTP id 61B442D0E; Fri, 11 May 2007 09:19:44 +0300 (EEST)
Date: Fri, 11 May 2007 09:19:44 +0300
From: Miika Komu <miika@iki.fi>
X-X-Sender: mkomu@kekkonen.cs.hut.fi
To: Keith Moore <moore@cs.utk.edu>
Subject: Re: sockets APIs extensions for Host Identity Protocol
In-Reply-To: <4643F873.3000501@cs.utk.edu>
Message-ID: <Pine.SOL.4.64.0705110851440.24038@kekkonen.cs.hut.fi>
References: <Pine.SOL.4.64.0705041801060.14418@kekkonen.cs.hut.fi> <20070507082737.GB21759@nic.fr> <46413DD7.8020702@cs.utk.edu> <20070509121703.GA21070@nic.fr> <4641CA52.70504@cs.utk.edu> <Pine.LNX.4.64.0705091449360.26169@hermes-1.csi.cam.ac.uk> <4641D94C.9070304@cs.utk.edu> <Pine.SOL.4.64.0705102013550.10049@kekkonen.cs.hut.fi> <46436B10.5090706@cs.utk.edu> <Pine.SOL.4.64.0705102159020.10049@kekkonen.cs.hut.fi> <4643F873.3000501@cs.utk.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"; format="flowed"
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 4b800b1eab964a31702fa68f1ff0e955
Cc: discuss@apps.ietf.org
X-BeenThere: discuss@apps.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: general discussion of application-layer protocols <discuss.apps.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/discuss>, <mailto:discuss-request@apps.ietf.org?subject=unsubscribe>
List-Post: <mailto:discuss@apps.ietf.org>
List-Help: <mailto:discuss-request@apps.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/discuss>, <mailto:discuss-request@apps.ietf.org?subject=subscribe>
Errors-To: discuss-bounces@apps.ietf.org
On Fri, 11 May 2007, Keith Moore wrote: Hi Keith, >>> offhand, I think you need to support both. HITs aren't very useful to >>> apps unless they are visible to them and globally-scoped. HIP is still >>> useful without HIT visibility, but less useful. >> >> It does not mean that the HIT fingerprint, or preferably even the >> corresponding public key, are completely invisible to the application >> with locally-scoped identifiers. It is just a question of an extra >> function call that translates the local-scope identifier to the >> desired format (HIT or public key). > > It strikes me that if I'm using opportunistic HIP, then I probably want > to use normal sockaddr_in* structures and do a setsockopt() that says > "give me HIP if both ends support it" before doing connect() or > listen(). In that case I'd want getpeername() to still return the > peer's (current) IP address, but I'd want additional functions to return > the peer's HIT. In that case I don't see any real value in having > locally-scoped pseudo-HITs. The reason for doing things this way is > that it would require fewer changes to legacy code to support > opportunistic HIP. We have implemented opportunistic mode in the HIPL implementation in the way you described. It required some tricks under the sockets API hood to get it working, but it is great for legacy apps. Even referrals work, assuming that you are behind a NAT or a firewall :) What about "native" HIP applications that are aware of HIP? The whole point of the locally scoped identifier was to provide single, unified end-point token to applications. Is it acceptable to handle both sockaddr_in and sockaddr_hip structures in HIP aware apps? I think a single identifier type would be simpler. > OTOH, if I'm doing "real" HIP then I want to use something like a > sockaddr_hip structure that lets me specify both the HIT (as the > "address") and a variable number of IP addresses (including both IPv4 > and IPv6 addresses) at which the peer named by the HIT might be > reachable (or at which a redirect to the actual peer might be > obtainable). The is certainly possible. One could also implement opportunistic mode by leaving out the HIT from sockaddr_hip and by specifying only the IP. However, there is an inherent problem with this approach as described below. > And then you probably want a HIP-specific replacement for > getaddrinfo() that will return not only addresses but also the HIT > associated with a DNS name and whatever other information is useful in a > form that's easily stuffed into a sockaddr_hip. Why this can't be done in the current resolver by specifying a flag? > really you want to be able to map a DNS name into multiple HITs, each of > which can have zero or more IPv* addresses associated with it.... and > you want a standard data structure that consists of a HIT + IP addresses > that can be passed around in referrals. The problem with this approach is that it will encourage developers to use the IP address directly from the socket address structure. The host corresponding to the HIT may have changed it's IP address at that point (independently of whether the structure describes the local or remote host). I believe that it is be much better to "force" the developer to obtain a valid IP address using a separate function call (see draft-ietf-shim6-multihome-shim-api). An extra call should not be a problem in a HIP aware application. -- Miika Komu http://www.iki.fi/miika/
- sockets APIs extensions for Host Identity Protocol Miika Komu
- Re: sockets APIs extensions for Host Identity Pro… Stephane Bortzmeyer
- Re: sockets APIs extensions for Host Identity Pro… Chris Newman
- Re: sockets APIs extensions for Host Identity Pro… der Mouse
- Re: sockets APIs extensions for Host Identity Pro… Keith Moore
- Re: sockets APIs extensions for Host Identity Pro… Keith Moore
- Re: sockets APIs extensions for Host Identity Pro… Keith Moore
- Re: sockets APIs extensions for Host Identity Pro… Stephane Bortzmeyer
- Re: sockets APIs extensions for Host Identity Pro… Keith Moore
- Re: sockets APIs extensions for Host Identity Pro… Keith Moore
- Re: sockets APIs extensions for Host Identity Pro… der Mouse
- Re: sockets APIs extensions for Host Identity Pro… Stephane Bortzmeyer
- Re: sockets APIs extensions for Host Identity Pro… Stephane Bortzmeyer
- Re: sockets APIs extensions for Host Identity Pro… Keith Moore
- Re: sockets APIs extensions for Host Identity Pro… Miika Komu
- RE: sockets APIs extensions for Host Identity Pro… Henderson, Thomas R
- Re: sockets APIs extensions for Host Identity Pro… Miika Komu
- Re: sockets APIs extensions for Host Identity Pro… Miika Komu
- Re: sockets APIs extensions for Host Identity Pro… Miika Komu
- Re: sockets APIs extensions for Host Identity Pro… Tony Finch
- Re: sockets APIs extensions for Host Identity Pro… Keith Moore
- Re: sockets APIs extensions for Host Identity Pro… Miika Komu
- Re: sockets APIs extensions for Host Identity Pro… Keith Moore
- Re: sockets APIs extensions for Host Identity Pro… Miika Komu
- Re: sockets APIs extensions for Host Identity Pro… Keith Moore
- Re: sockets APIs extensions for Host Identity Pro… der Mouse
- Re: sockets APIs extensions for Host Identity Pro… Miika Komu
- Re: sockets APIs extensions for Host Identity Pro… Keith Moore
- Re: sockets APIs extensions for Host Identity Pro… Keith Moore
- Re: sockets APIs extensions for Host Identity Pro… Miika Komu
- Re: sockets APIs extensions for Host Identity Pro… der Mouse
- Re: sockets APIs extensions for Host Identity Pro… Keith Moore
- Re: sockets APIs extensions for Host Identity Pro… Miika Komu
- Re: sockets APIs extensions for Host Identity Pro… Miika Komu
- Re: sockets APIs extensions for Host Identity Pro… Keith Moore
- Re: sockets APIs extensions for Host Identity Pro… Keith Moore
- Re: sockets APIs extensions for Host Identity Pro… Keith Moore
- Re: sockets APIs extensions for Host Identity Pro… Miika Komu
- Re: sockets APIs extensions for Host Identity Pro… Keith Moore
- RE: sockets APIs extensions for Host Identity Pro… Chris Newman
- Re: sockets APIs extensions for Host Identity Pro… Chris Newman
- Re: sockets APIs extensions for Host Identity Pro… Chris Newman
- Re: sockets APIs extensions for Host Identity Pro… Miika Komu
- Re: sockets APIs extensions for Host Identity Pro… der Mouse
- Re: sockets APIs extensions for Host Identity Pro… der Mouse
- Re: sockets APIs extensions for Host Identity Pro… der Mouse
- Re: sockets APIs extensions for Host Identity Pro… Miika Komu
- Re: sockets APIs extensions for Host Identity Pro… der Mouse
- Re: sockets APIs extensions for Host Identity Pro… Miika Komu
- Re: sockets APIs extensions for Host Identity Pro… Keith Moore
- Re: sockets APIs extensions for Host Identity Pro… Tony Finch
- Re: sockets APIs extensions for Host Identity Pro… der Mouse
- Re: sockets APIs extensions for Host Identity Pro… Keith Moore
- Re: sockets APIs extensions for Host Identity Pro… Miika Komu
- Re: sockets APIs extensions for Host Identity Pro… der Mouse
- Re: sockets APIs extensions for Host Identity Pro… Tony Finch
- Re: sockets APIs extensions for Host Identity Pro… der Mouse
- Re: sockets APIs extensions for Host Identity Pro… Miika Komu