[Hipsec] Question about multiple HIs for a single host
WongErnuz <runzewong@hotmail.com> Wed, 06 August 2008 07:49 UTC
Return-Path: <hipsec-bounces@ietf.org>
X-Original-To: hip-archive@lists.ietf.org
Delivered-To: ietfarch-hip-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 5767A3A6916; Wed, 6 Aug 2008 00:49:28 -0700 (PDT)
X-Original-To: hipsec@core3.amsl.com
Delivered-To: hipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id E62E33A6916 for <hipsec@core3.amsl.com>; Wed, 6 Aug 2008 00:49:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 2.405
X-Spam-Level: **
X-Spam-Status: No, score=2.405 tagged_above=-999 required=5 tests=[AWL=-0.047, BAYES_50=0.001, HTML_MESSAGE=0.001, MIME_CHARSET_FARAWAY=2.45]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mLQGncaPFvzq for <hipsec@core3.amsl.com>; Wed, 6 Aug 2008 00:49:25 -0700 (PDT)
Received: from bay0-omc1-s32.bay0.hotmail.com (bay0-omc1-s32.bay0.hotmail.com [65.54.246.104]) by core3.amsl.com (Postfix) with ESMTP id EB4853A67AD for <hipsec@ietf.org>; Wed, 6 Aug 2008 00:49:25 -0700 (PDT)
Received: from BAY117-W38 ([207.46.8.73]) by bay0-omc1-s32.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959); Wed, 6 Aug 2008 00:49:22 -0700
Message-ID: <BAY117-W38A2898040E1D15AB5C91DA87A0@phx.gbl>
X-Originating-IP: [218.2.216.25]
From: WongErnuz <runzewong@hotmail.com>
To: hipsec@ietf.org
Date: Wed, 06 Aug 2008 15:49:22 +0800
Importance: Normal
MIME-Version: 1.0
X-OriginalArrivalTime: 06 Aug 2008 07:49:22.0739 (UTC) FILETIME=[F0D13030:01C8F798]
Subject: [Hipsec] Question about multiple HIs for a single host
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============1372469054=="
Sender: hipsec-bounces@ietf.org
Errors-To: hipsec-bounces@ietf.org
Hi! I've been reading drafts on HIP and related papaers, and I kinda got the idea that it is OK for a single host to possess multiple HIs (is that really possible?). If so, I think there has to be a one-to-one binding relationship between a certain HI and a FQDN, otherwise, when a peer host needs to extract the sender's HI from the DNS according to the received FQDN to check the signature, wouldn't it be possible for the host to obtain multiple HIs all at once? (since the sender has many HIs itself) Therefore, how is the host supposed to know which one to use? If HIP RR contains HIT in addition to HI, the receiver can compare the HIT received in the header with each of the HITs obtained from DNS to find the corresponding HI the sender is currently using with the FQDN. However, since HIT provision is optional in DNS, I think it is necessary to recommend each host use a unique HI for a particular FQDN to avoid the one-to-many mapping. Am I right? I'm sorry if the quesiton seems stupid; I'm new on this... _________________________________________________________________ 看MSN史诗巨片,票选人气角色,赢取PSP等诸多好礼! http://im.msn.cn/
_______________________________________________ Hipsec mailing list Hipsec@ietf.org https://www.ietf.org/mailman/listinfo/hipsec
- [Hipsec] Question about multiple HIs for a single… WongErnuz
- [Hipsec] Question about multiple HIs for a single… WongErnuz
- Re: [Hipsec] Question about multiple HIs for a si… Jan Mikael Melen