IETF Logo Mail Archive

Re: [hiprg] draft-ahrenholz-hiprg-dht-05

"Ahrenholz, Jeffrey M" <jeffrey.m.ahrenholz@boeing.com> Mon, 09 November 2009 20:20 UTC

Return-Path: <jeffrey.m.ahrenholz@boeing.com>
X-Original-To: hiprg@core3.amsl.com
Delivered-To: hiprg@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id B66A63A6907 for <hiprg@core3.amsl.com>; Mon, 9 Nov 2009 12:20:20 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.299
X-Spam-Level:
X-Spam-Status: No, score=-6.299 tagged_above=-999 required=5 tests=[AWL=-0.300, BAYES_00=-2.599, J_CHICKENPOX_33=0.6, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BUJXstnzfX7T for <hiprg@core3.amsl.com>; Mon, 9 Nov 2009 12:20:19 -0800 (PST)
Received: from stl-smtpout-01.boeing.com (stl-smtpout-01.boeing.com [130.76.96.56]) by core3.amsl.com (Postfix) with ESMTP id C303E3A67E4 for <hiprg@irtf.org>; Mon, 9 Nov 2009 12:20:19 -0800 (PST)
Received: from slb-av-01.boeing.com (slb-av-01.boeing.com [129.172.13.4]) by stl-smtpout-01.ns.cs.boeing.com (8.14.0/8.14.0/8.14.0/SMTPOUT) with ESMTP id nA9KKjf0023084 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for <hiprg@irtf.org>; Mon, 9 Nov 2009 14:20:45 -0600 (CST)
Received: from slb-av-01.boeing.com (localhost [127.0.0.1]) by slb-av-01.boeing.com (8.14.0/8.14.0/DOWNSTREAM_RELAY) with ESMTP id nA9KKidT020304 for <hiprg@irtf.org>; Mon, 9 Nov 2009 12:20:45 -0800 (PST)
Received: from XCH-NWHT-08.nw.nos.boeing.com (xch-nwht-08.nw.nos.boeing.com [130.247.25.112]) by slb-av-01.boeing.com (8.14.0/8.14.0/UPSTREAM_RELAY) with ESMTP id nA9KKiSL020292 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=OK) for <hiprg@irtf.org>; Mon, 9 Nov 2009 12:20:44 -0800 (PST)
Received: from XCH-NW-12V.nw.nos.boeing.com ([130.247.25.248]) by XCH-NWHT-08.nw.nos.boeing.com ([130.247.25.112]) with mapi; Mon, 9 Nov 2009 12:20:44 -0800
From: "Ahrenholz, Jeffrey M" <jeffrey.m.ahrenholz@boeing.com>
To: "Henderson, Thomas R" <thomas.r.henderson@boeing.com>, "hiprg@irtf.org" <hiprg@irtf.org>
Date: Mon, 09 Nov 2009 12:20:43 -0800
Thread-Topic: [hiprg] draft-ahrenholz-hiprg-dht-05
Thread-Index: AcoxeSJ1sL9W6wDySdyPnxQar4OWqgAB0zbgB9n+ZJAEIbpo8A==
Message-ID: <FD98F9C3CBABA74E89B5D4B5DE0263B93781303035@XCH-NW-12V.nw.nos.boeing.com>
References: <0DF156EE7414494187B087A3C279BDB404AD7C9D@XCH-NW-6V1.nw.nos.boeing.com> <AAF2CBF9D2573B45A7ED75C4FFD9883F4B9515A0E7@XCH-NW-10V.nw.nos.boeing.com>
In-Reply-To: <AAF2CBF9D2573B45A7ED75C4FFD9883F4B9515A0E7@XCH-NW-10V.nw.nos.boeing.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: Re: [hiprg] draft-ahrenholz-hiprg-dht-05
X-BeenThere: hiprg@irtf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "Host Identity Protocol \(HIP\) Research Group" <hiprg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/listinfo/hiprg>, <mailto:hiprg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/hiprg>
List-Post: <mailto:hiprg@irtf.org>
List-Help: <mailto:hiprg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/hiprg>, <mailto:hiprg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Nov 2009 20:20:20 -0000

Tom,

Thanks for your comments, all should be addressed by draft-ahrenholz-hiprg-dht-06.

> Oleg Ponomarev's draft (draft-ponomarev-hip-hit2ip-04.txt) 
> suggests that DNS could be used in some situations, so maybe 
> this statement needs to be relaxed, and a reference added.

relaxed that statement and referenced Oleg's draft

> 2) In section 3, regarding the HIT lookup service, should we 
> allow somehow for the possible extension that a user could 
> put a name record that also had a certificate that bound the 
> name to a HIT?  This may allow security to be introduced into 
> this service, such as:  1) when the server authenticates the 
> put() based on certificate, or 2) when the client 
> authenticates the name-to-HIT binding based on certificate retrieved.

changed the HIT lookup service to use a HDRR with optional CERT TLV

> 3) is it possible for a put() to fail?  If so, how should an 
> implementation handle that event?

added a failure code for the case when HIT verification fails; the other OpenDHT return codes are also covered in the draft
 
> 4) Section 4:  "Note that this HDRR format is different than 
> the HIP RR used by the Domain Name System as defined in 
> [RFC5205]."  It may be helpful to mention here that the 
> reason it is different is that it is a different record from 
> a functional point of view:  in DNS, the query key is a FQDN, 
> and the return value is a HIT, while here, the query key is a HIT.

added this clarification text

> 5) Should the reader of this HDRR verify that the SRC HIT and 
> DST HIT values are correct, and discard if not, or be 
> permissive about these values?

yes, SRC HIT must match HIT_KEY and HI, and DST HIT is NULL

> 6) In the last paragraph of section 4, it starts to describe 
> HIP-aware DHT behavior, but then says that it is out of 
> scope.  What would be required to go ahead and specify the 
> HIP aware interface in this draft?  In this case, the put() 
> may fail (see #3 above) and this failure would need to be 
> conveyed to the client somehow.  Is there anything else 
> required to extend the scope to also allow for HIP-aware DHT servers? 

added such text to the latest draft
for the put(HIT, HDRR), the server verifies that the HIT and SIGNATURE match the include HOST_ID; the server can also verify the optional certificate for the name lookup

> 7) Section 5's title could probably just be simplified to 
> read "Use Cases"

fixed

-Jeff

v2.30.2 | Report a Bug | By Email | System Status