[Hipsec] Question about multiple HIs for a single host

WongErnuz <runzewong@hotmail.com> Wed, 06 August 2008 07:24 UTC


Hi!
 
I've been reading drafts on HIP and related papers, and I kinda got the idea that it is OK for a single host to possess multiple HIs (is that really possible?). If so, I think there has to be a one-to-one binding relationship between a certain HI and a FQDN, otherwise, when a peer host needs to extract the sender's HI from the DNS according to the received FQDN to check the signature, wouldn't it be possible for the host to obtain multiple HIs all at once? (since the sender has many HIs itself) Therefore, how is the host supposed to know which one to use? If HIP RR contains HIT in addition to HI, the receiver can compare the HIT received in the header with each of the HITs obtained from DNS to find the corresponding HI the sender is currently using with the FQDN. However, since HIT provision is optional in DNS, I think it is necessary to recommend each host use a unique HI for a particular FQDN to avoid the one-to-many mapping. Am I right?
 
I'm sorry if the question seems stupid; I'm new on this...
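The HIT comparison described in the message, as an added example that is not part of the original post or of any HIP implementation. It goes beyond the case in the text by also handling records that carry no HIT: the HIT is recomputed from each HI using the ORCHID construction (RFC 4843) with the HIP Context ID (RFC 5201). The function names, the record layout and the HI byte strings are assumptions of this example.

```python
import hashlib
import ipaddress

# Context ID for HIP ORCHIDs (RFC 5201, section 3.2) and the 28-bit
# ORCHID prefix 2001:10::/28 (RFC 4843). Neither value is from the message.
HIP_CONTEXT_ID = bytes.fromhex("F0EFF02FBFF43D0FE7930C3C6E6174EA")
ORCHID_PREFIX = 0x2001001

def hit_from_hi(hi: bytes) -> ipaddress.IPv6Address:
    """Derive the HIT: prefix | middle 100 bits of SHA-1(context ID | HI)."""
    digest = int.from_bytes(hashlib.sha1(HIP_CONTEXT_ID + hi).digest(), "big")
    middle100 = (digest >> 30) & ((1 << 100) - 1)  # drop 30 bits on each side
    return ipaddress.IPv6Address((ORCHID_PREFIX << 100) | middle100)

def select_hi(received_hit: str, records):
    """Return the single HI whose HIT equals the one in the packet header.

    records: list of (hi_bytes, published_hit_or_None) for one FQDN
    (hypothetical layout). Returns None when no HI, or more than one, matches.
    """
    received = ipaddress.IPv6Address(received_hit)
    matches = []
    for hi, published in records:
        derived = hit_from_hi(hi)
        # A record whose published HIT disagrees with its own HI is ignored.
        if published is not None and ipaddress.IPv6Address(published) != derived:
            continue
        if derived == received:
            matches.append(hi)
    return matches[0] if len(matches) == 1 else None

# Constructed sample: three HIs under one FQDN, opaque placeholder bytes
# standing in for public keys in the encoding used for HIT generation.
HI_A, HI_B, HI_C = b"constructed-HI-A", b"constructed-HI-B", b"constructed-HI-C"
SAMPLE_RECORDS = [
    (HI_A, str(hit_from_hi(HI_A))),  # HIT published alongside the HI
    (HI_B, None),                    # HIT omitted from the record
    (HI_C, None),
]

if __name__ == "__main__":
    header_hit = str(hit_from_hi(HI_B))  # HIT the sender put in the header
    print(header_hit, select_hi(header_hit, SAMPLE_RECORDS))
```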