Re: Machine Identity
Dave Crocker <dhc@dcrocker.net> Thu, 28 February 2008 16:01 UTC
Return-Path: <discuss-bounces@ietf.org>
X-Original-To: ietfarch-discuss-archive@core3.amsl.com
Delivered-To: ietfarch-discuss-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id C6D9428C8BB; Thu, 28 Feb 2008 08:01:42 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.879
X-Spam-Level:
X-Spam-Status: No, score=-2.879 tagged_above=-999 required=5 tests=[AWL=-0.280, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IeydnVA5dQlf; Thu, 28 Feb 2008 08:01:42 -0800 (PST)
Received: from core3.amsl.com (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id E66DB28C8AA; Thu, 28 Feb 2008 08:01:37 -0800 (PST)
X-Original-To: discuss@core3.amsl.com
Delivered-To: discuss@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id ADFE228C729 for <discuss@core3.amsl.com>; Thu, 28 Feb 2008 08:01:37 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jM929mCW67Zi for <discuss@core3.amsl.com>; Thu, 28 Feb 2008 08:01:33 -0800 (PST)
Received: from sbh17.songbird.com (unknown [IPv6:2001:470:1:76:0:ffff:4834:7146]) by core3.amsl.com (Postfix) with ESMTP id 5C37228C73D for <discuss@apps.ietf.org>; Thu, 28 Feb 2008 08:01:32 -0800 (PST)
Received: from [192.168.0.2] (adsl-68-122-124-32.dsl.pltn13.pacbell.net [68.122.124.32]) (authenticated bits=0) by sbh17.songbird.com (8.13.8/8.13.8) with ESMTP id m1SG1IMF002856 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 28 Feb 2008 08:01:23 -0800
Message-ID: <47C6DACE.1060506@dcrocker.net>
Date: Thu, 28 Feb 2008 08:01:18 -0800
From: Dave Crocker <dhc@dcrocker.net>
User-Agent: Thunderbird 2.0.0.12 (Windows/20080213)
MIME-Version: 1.0
To: Stephane Bortzmeyer <bortzmeyer@nic.fr>
Subject: Re: Machine Identity
References: <20080226130527.GA1404@generic-nic.net> <20080228112318.GA23196@nic.fr>
In-Reply-To: <20080228112318.GA23196@nic.fr>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: ClamAV 0.92/6024/Thu Feb 28 05:33:53 2008 on sbh17.songbird.com
X-Virus-Status: Clean
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.0 (sbh17.songbird.com [72.52.113.17]); Thu, 28 Feb 2008 08:01:24 -0800 (PST)
Cc: discuss@apps.ietf.org
X-BeenThere: discuss@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: dcrocker@bbiw.net
List-Id: general discussion of application-layer protocols <discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/discuss>, <mailto:discuss-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:discuss@ietf.org>
List-Help: <mailto:discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/discuss>, <mailto:discuss-request@ietf.org?subject=subscribe>
Sender: discuss-bounces@ietf.org
Errors-To: discuss-bounces@ietf.org
Stephane Bortzmeyer wrote: > On Tue, Feb 26, 2008 at 02:05:27PM +0100, > Stephane Bortzmeyer <bortzmeyer@nic.fr> wrote > a message of 19 lines which said: > >> There are solutions for some protocols (SSH keys of RFC 4251 or Host >> Identifiers of HIP in RFC 4423 are two good examples) but no general >> "identity layer" in the Internet architecture. > > An example of an Use Case is given by IKE (RFC 4306). Section 3.5 > lists several possible identities for a machine, and there is not a > clear unique way to define this identity (identities like ID_IPV4_ADDR > are typically a poor way to define a machine on the network). What I found was: "used for policy lookup... may be used by an implementation to perform access control decisions" That means that the identifier must be persistent and public, I believe. It's unlikely that a statistically rare (rather than unique) identifier would be acceptable for this. That means a uniqueness registration process is required. Domain names satisfy these requirements. So what's wrong with using them for the applications you have in mind? d/ -- Dave Crocker Brandenburg InternetWorking bbiw.net
- Re: Machine Identity Dave Crocker
- Machine Identity Stephane Bortzmeyer
- Re: Machine Identity Jeroen Massar
- Re: Machine Identity Stephane Bortzmeyer
- Re: Machine Identity der Mouse
- Re: Machine Identity Stephane Bortzmeyer
- Re: Machine Identity Keith Moore
- Re: Machine Identity der Mouse
- Re: Machine Identity Dave Crocker
- Re: Machine Identity Keith Moore
- Re: Machine Identity Keith Moore
- Re: Machine Identity Dave Crocker
- Re: Machine Identity Dave Crocker
- Re: Machine Identity Keith Moore
- Re: Machine Identity Miika Komu
- Re: Machine Identity Stephane Bortzmeyer
- Re: Machine Identity Juergen Schoenwaelder
- Re: Machine Identity Miika Komu
- Re: Machine Identity Juergen Schoenwaelder
- Re: Machine Identity Balazs Lengyel
- Re: Machine Identity Miika Komu
- Service Identity (Re: Machine Identity) Jeroen Massar
- RE: Service Identity (Re: Machine Identity) David Harrington
- Re: Service Identity (Re: Machine Identity) Jeroen Massar
- Re: Machine Identity Stephane Bortzmeyer
- Re: Machine Identity Dave Crocker
- Re: Service Identity (Re: Machine Identity) Juergen Schoenwaelder
- Re: Machine Identity Stephane Bortzmeyer
- Re: Machine Identity Stephane Bortzmeyer
- Re: Machine Identity Jeroen Massar
- Re: Service Identity (Re: Machine Identity) Jeroen Massar
- Re: Machine Identity Stephane Bortzmeyer
- Re: Machine Identity Jeroen Massar
- Re: Machine Identity Miika Komu
- Re: Machine Identity Dave Crocker
- Re: Machine Identity Dave Crocker
- Re: Machine Identity Frank Ellermann
- Re: Machine Identity Jeroen Massar
- Re: Machine Identity der Mouse
- Re: Service Identity (Re: Machine Identity) Dave Crocker