IETF Logo Mail Archive

Re: sockets APIs extensions for Host Identity Protocol

Keith Moore <moore@cs.utk.edu> Fri, 11 May 2007 20:09 UTC

Return-path: <discuss-bounces@apps.ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1HmbQo-0006Le-2N; Fri, 11 May 2007 16:09:38 -0400
Received: from discuss by megatron.ietf.org with local (Exim 4.43) id 1HmbQm-0006LZ-NL for discuss-confirm+ok@megatron.ietf.org; Fri, 11 May 2007 16:09:36 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1HmbQl-0006L5-TB for discuss@apps.ietf.org; Fri, 11 May 2007 16:09:35 -0400
Received: from ka.cs.utk.edu ([160.36.56.221]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1HmbQj-0007P2-Fh for discuss@apps.ietf.org; Fri, 11 May 2007 16:09:35 -0400
Received: from localhost (localhost [127.0.0.1]) by ka.cs.utk.edu (Postfix) with ESMTP id 05B04CB3D9; Fri, 11 May 2007 16:09:32 -0400 (EDT)
X-Virus-Scanned: by amavisd-new with ClamAV and SpamAssasin at cs.utk.edu
Received: from ka.cs.utk.edu ([127.0.0.1]) by localhost (ka.cs.utk.edu [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6ERfAfN8qLdz; Fri, 11 May 2007 16:09:28 -0400 (EDT)
Received: from lust.indecency.org (user-119b1dm.biz.mindspring.com [66.149.133.182]) by ka.cs.utk.edu (Postfix) with ESMTP id 5EB6DCB3D8; Fri, 11 May 2007 16:09:27 -0400 (EDT)
Message-ID: <4644CD76.10900@cs.utk.edu>
Date: Fri, 11 May 2007 16:09:26 -0400
From: Keith Moore <moore@cs.utk.edu>
User-Agent: Thunderbird 2.0.0.0 (Macintosh/20070326)
MIME-Version: 1.0
To: Miika Komu <miika@iki.fi>
Subject: Re: sockets APIs extensions for Host Identity Protocol
References: <Pine.SOL.4.64.0705041801060.14418@kekkonen.cs.hut.fi> <20070507082737.GB21759@nic.fr> <46413DD7.8020702@cs.utk.edu> <20070509121703.GA21070@nic.fr> <4641CA52.70504@cs.utk.edu> <Pine.LNX.4.64.0705091449360.26169@hermes-1.csi.cam.ac.uk> <4641D94C.9070304@cs.utk.edu> <Pine.SOL.4.64.0705102013550.10049@kekkonen.cs.hut.fi> <46436B10.5090706@cs.utk.edu> <Pine.SOL.4.64.0705102159020.10049@kekkonen.cs.hut.fi> <4643F873.3000501@cs.utk.edu> <Pine.SOL.4.64.0705110851440.24038@kekkonen.cs.hut.fi> <46442588.7020405@cs.utk.edu> <Pine.SOL.4.64.0705111344130.16213@kekkonen.cs.hut.fi> <4644779F.60805@cs.utk.edu> <Pine.SOL.4.64.0705111801430.8816@kekkonen.cs.hut.fi>
In-Reply-To: <Pine.SOL.4.64.0705111801430.8816@kekkonen.cs.hut.fi>
X-Enigmail-Version: 0.95.0
OpenPGP: id=E1473978
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
X-Spam-Score: 0.1 (/)
X-Scan-Signature: 73734d43604d52d23b3eba644a169745
Cc: discuss@apps.ietf.org
X-BeenThere: discuss@apps.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: general discussion of application-layer protocols <discuss.apps.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/discuss>, <mailto:discuss-request@apps.ietf.org?subject=unsubscribe>
List-Post: <mailto:discuss@apps.ietf.org>
List-Help: <mailto:discuss-request@apps.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/discuss>, <mailto:discuss-request@apps.ietf.org?subject=subscribe>
Errors-To: discuss-bounces@apps.ietf.org

>> the same argument applies.  If I want to specify that I'm connecting to
>> a HIT, I don't want to use a sockaddr_in6 structure to do that and have
>> it somehow magically know the difference between a HIT and an IPv6
>> address.  I want to use a sockaddr_hit structure for that.  That way, I
>> get a clean separation of layers, with all that that implies - better
>> ability to distinguish errors from different layers and handle each
>> appropriately, clearer visibility to the programmer as to what's
>> happening underneath the API, etc.
>
> Ok. Would you be fine with having a new address family (AF_HIP) to
> separate between sockaddr_hip and sockaddr_in6?
yes, I think that would be appropriate.
>>>> I must have missed the point of locally-scoped identifiers.  I thought
>>>> it was so that you could fit a pseudo-HIT into 32 bits and pretend it
>>>> was an IPv4 address for the sake of backward compatibility.
>>>
>>> Yes. There can be two types of "pseudo-HITs":
>>>
>>> Local Scope Identifier (HIP legacy apps draft):
>>> * Looks like an IPv4 address
>>> * Might even have a locally configured prefix to separate between a LSI
>>>   and non-LSI address
>>>
>>> Endpoint descriptor (HIP native apps draft):
>>> * Looks more like a FD (increasing or random number)
>>> * No prefix
>>
>> I don't immediately see the purpose of the latter type of pseudo-HIT?
>> (guess I should go dig up the draft...)
>
> I don't see any reason to give HIP aware applications LSIs that look
> like IPv4 addresses but are actually presenting HITs. Here's also a
> couple of short slide sets:
>
> http://www3.ietf.org/proceedings/05aug/slides/apparea-3.pdf
> http://www3.ietf.org/proceedings/06jul/slides/hip-2.pdf
>
> And some future research extensions for the endpoint descriptors:
>
> http://kathrin.dagstuhl.de/files/Materials/06/06441/06441.KomuMiika.Abstract.txt
>
> http://kathrin.dagstuhl.de/files/Materials/06/06441/06441.KomuMiika.Slides.pdf
>

thanks, I'll take a look.
>>> What kind of redirect servers are we talking about?
>>
>> I haven't keep track of the HIP discussions on this topic, so I don't
>> know what they're being called.  but at one time there was an idea that
>> you could have a server that could be associated with a HIT that would
>> securely be updated with current IP addresses for that HIT, and which
>> could securely tell peers of that HIT when the host associated with the
>> HIT had moved.  (those servers would need to be located at relatively
>> stable addresses).  you'd want to be able to discover those servers
>> through DNS or a similar mechanism.
>
> I think you are talking about rendezvous server that are similar to
> the home agents in MobileIP.
yes, I think that's the term that was being used last time I heard it
mentioned.
>> we're a very long way from being able to trust a kernel to make
>> effective address selection across a wide variety of network
>> environments and application requirements.  until we get there, the
>> addresses need to be exposed to the application, and the application
>> needs to be able to specify which addresses are allowed to be used.  if
>> nothing else, you're going to need that for diagnostics.  if some user
>> tells his sysadmin that his program can't connect to HIT xxxx, the
>> sysadmin has no way to know how to debug the problem.  if instead the
>> message is "cannot connect to HIT xxxx at address yyyy", a traceroute to
>> yyyy might yield some useful information.
>>
>> granted, however, that the sockaddr_hit structure can only communicate
>> the IP addresses at which the peer with that HIT might initially be
>> found.   once the connection is established, all assumptions about the
>> HIT-to-IP bindings that were established in sockaddr_hit are invalid.
>
> Are you fine with a sockaddr_hit structure that contains only the HIT
> and letting a getsockopt() call to figure out the IP addresses in the
> context of HIP aware applications? (I think getsockname and
> getpeername should return the HITs.) 
if the sockaddr_hit structure contains only the HIT, how is the kernel
going to know where it can contact that peer?  It has to get one or more
IP addresses from somewhere. 

Keith

v2.23.0 | Report a Bug | By Email