Re: [Hipsec] HIT to IP in DNS
"Henderson, Thomas R" <thomas.r.henderson@boeing.com> Wed, 21 January 2009 16:10 UTC
Hi Oleg,

A few comments below.

> -----Original Message-----
> From: Oleg Ponomarev [mailto:oleg.ponomarev@hiit.fi]
> Sent: Monday, January 19, 2009 3:14 PM
> To: hipsec@ietf.org
> Subject: [Hipsec] HIT to IP in DNS
>
> Hi!
>
> I just submitted an initial version of a draft[1] to specify one of the
> methods used in HIPL[2] to do the HIT->current IP addresses resolution.
> This is needed to run legacy applications.

I disagree that this is strictly needed to run legacy applications. Perhaps "may be useful" instead of "needed"?

> Briefly: query A/AAAA
> 8.7.6.5.4.3.2.1.0.f.e.d.c.b.a.9.8.7.6.5.4.3.2.1.0.1.0.0.1.0.0.2.hit-to-ip.example.net.
> and allow their changes from the corresponding HIT.
>
> Your comments are appreciated as usual.

You are really talking about defining domain names based on HITs and storing them in a well-known domain. Maybe the title could be simplified to "Storing HITs as domain names in the DNS".

What if the target end system uses an RVS?

   2.1. Preconfigured Domain

   The systems using this method MUST have the same domain preconfigured,
   for example hit-to-ip.example.net.

It seems like this could be slightly relaxed to state that systems MUST share at least one top-level domain storing the HITs, since it is conceivable that more than one server (name service provider) could be used, and records could be looked up at multiple places.

   2.4. Managing the Records

   The system MAY send DNS UPDATE [RFC2136] to the server provided by the
   SOA MNAME field of the domain. The system MUST use HIT as the source
   address in this case.

Can you clarify what "source address" you are talking about above?

   The system MAY add or delete A/AAAA or CNAME records for its own HIT
   representation.

   The domain provided in the SOA MNAME field of the preconfigured domain
   MUST have the Host Identity of the server stored in DNS, the IP
   addresses MUST be listed in that domain using the suggested method and
   the server MUST accept DNS UPDATE messages, which add or delete A/AAAA
   or CNAME records for the HIT representation of the client after a
   successful HIP base exchange.

It might be helpful to clarify that the HIP base exchange here serves to authenticate the origin of the DNS UPDATE, from the server's perspective.

Also, DHTs are an alternative lookup mechanism that can be used in this scenario; it would be helpful to reference that draft: http://tools.ietf.org/html/draft-ahrenholz-hiprg-dht-03

- Tom
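As an added illustration of the naming scheme discussed in this thread (example code, not from the draft or from HIPL), the following Python maps a HIT to its reverse-nibble name under the preconfigured domain and back, and shows the server-side check implied by the remark that the base exchange authenticates a DNS UPDATE: the name being modified must encode exactly the HIT that was authenticated. The ORCHID prefix 2001:10::/28 is assumed from RFC 4843; the domain is the draft's example.

```python
import ipaddress

# Preconfigured domain shared by all systems (the draft's example value).
HIT_TO_IP_DOMAIN = "hit-to-ip.example.net"
# ORCHID prefix used for HITs (assumed from RFC 4843); anything outside it
# is neither turned into a record name nor accepted in an update.
ORCHID_PREFIX = ipaddress.IPv6Network("2001:10::/28")


def hit_to_name(hit: str, domain: str = HIT_TO_IP_DOMAIN) -> str:
    """Map a HIT to its reverse-nibble name under the preconfigured domain,
    using the same encoding as ip6.arpa (one hex nibble per label,
    least-significant nibble first, trailing dot for an absolute name)."""
    addr = ipaddress.IPv6Address(hit)
    if addr not in ORCHID_PREFIX:
        raise ValueError(f"{hit} is not an ORCHID/HIT")
    nibbles = addr.exploded.replace(":", "")  # 32 hex digits, fully expanded
    return ".".join(reversed(nibbles)) + "." + domain + "."


def name_to_hit(name: str, domain: str = HIT_TO_IP_DOMAIN) -> ipaddress.IPv6Address:
    """Inverse mapping: parse a record name back into the HIT it encodes.
    Rejects names outside the domain, with the wrong label count, with
    non-hex labels, or that decode to an address outside the ORCHID range."""
    suffix = "." + domain + "."
    if not name.lower().endswith(suffix):
        raise ValueError("name is not under the preconfigured domain")
    labels = name[: -len(suffix)].lower().split(".")
    if len(labels) != 32 or any(len(l) != 1 or l not in "0123456789abcdef" for l in labels):
        raise ValueError("name does not encode 32 hex nibbles")
    addr = ipaddress.IPv6Address(int("".join(reversed(labels)), 16))
    if addr not in ORCHID_PREFIX:
        raise ValueError("decoded address is not a HIT")
    return addr


def update_allowed(authenticated_hit: str, target_name: str) -> bool:
    """Server-side authorization for a DNS UPDATE: the name being added or
    deleted must encode the HIT authenticated in the HIP base exchange, so
    a host can only manage its own HIT representation (hypothetical check,
    assuming the base exchange has already yielded the peer's HIT)."""
    try:
        return name_to_hit(target_name) == ipaddress.IPv6Address(authenticated_hit)
    except ValueError:
        return False
```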