[Hipsec-rg] Key Revocation Issue
thomas.r.henderson at boeing.com (Henderson, Thomas R) Fri, 06 February 2009 15:58 UTC
From: "thomas.r.henderson at boeing.com"
Date: Fri, 06 Feb 2009 07:58:02 -0800
Subject: [Hipsec-rg] Key Revocation Issue
In-Reply-To: <003f01c98410$f93282b0$480c6f0a@china.huawei.com>
References: <77F357662F8BFA4CA7074B0410171B6D07B0BD39@XCH-NW-5V1.nw.nos.boeing.com> <003f01c98410$f93282b0$480c6f0a@china.huawei.com>
Message-ID: <77F357662F8BFA4CA7074B0410171B6D07B0BD96@XCH-NW-5V1.nw.nos.boeing.com>
> -----Original Message----- > From: Zhang Dacheng [mailto:zhangdacheng at huawei.com] > Sent: Saturday, January 31, 2009 6:01 PM > To: Henderson, Thomas R; hipsec-rg at listserv.cybertrust.com > Subject: ??: [Hipsec-rg] Key Revocation Issue > > Hi, > > Very happy to get your feedback. Actually, the requirements > of HIT mapping > are not limited to ACLs. There are still some other scenarios > where HIT > mapping is needed. For example, the components of a current business > application can be developed independently, maintained by different > organizations, combined at runtime, and communicate with asynchronous > messages. A typical collaboration between such two > components can last from > days to months. Therefore, in such a scenario, change of HITs can be > common.(Please refer to the literature of SaaS (software as a > service) and > SOA (service oriented architecture) for more details.) When a > host changes > its HIT, there should be a way to inform other collaborating > asynchronous > hosts of the change. DNS is a potential solution. But my > concern is whether > every host in the HIP architecture should be associated with > a FQDN. In this > point, I agree with Andrew. > https://listserv.cybertrust.com/pipermail/hipsec-rg/2009-Janua > ry/000616.html > . If a host only consumes services provided by other hosts, it is not > reasonable to force the host to apply and maintain an FQDN. > > > > Currently, I am thinking whether > > it is a good > > > way to achieve this objective by extending the functionality of > > > Rendezvous servers. DNS can also be a candidate. > > As I mentioned previously, I am not trying to introduce a > "new" third party. > It is fantastic if DNS service can be provided. But in the > cases there is no > FQDN, we can try to solve the HIT mapping issue by extending the > functionality of Rendezvous servers. In addition, a HIT can > only last for a > very short period (maybe minutes), while it may take time for DNS to > refresh information. In this case, the idea of extending of > Rendezvous > servers seems to be more valuable. > > What do you think about it? Sorry for the delay in responding... I agree that there will be a need to deal with HIT changes in any practical deployment. What I was observing is that, if the HIT is transient, this is all the more reason not to base ACLs on them, but to use rather the long-term stable name. This may also mean that guidance similar to RFC 1958 section 4.1 may apply to HITs, in such use cases: 4.1 Avoid any design that requires addresses to be hard coded or stored on non-volatile storage (except of course where this is an essential requirement as in a name server or configuration server). In general, user applications should use names rather than addresses. Also, if HITs truly need to be revoked due to key compromise, it seems problematic to try to define a framework where one HIT is linked somehow to another so holders of the old HIT can securely find the new HIT, based on HIP mechanisms alone. Tom Tom
- [Hipsec-rg] Hierarchical HITs Xu Xiaohu
- [Hipsec-rg] 答复: Key Revocation Issue Zhang Dacheng
- [Hipsec-rg] Key Revocation Issue Henderson, Thomas R
- [Hipsec-rg] re: 答复: 答复: Key Revocation Issue Xu Xiaohu
- [Hipsec-rg] 答复: 答复: Key Revocation Issue Andrew McGregor
- [Hipsec-rg] 答复: 答复: Key Revocation Issue Zhang Dacheng
- [Hipsec-rg] 答复: Key Revocation Issue Scott Brim
- [Hipsec-rg] 答复: Key Revocation Issue Zhang Dacheng
- [Hipsec-rg] Hierarchical HITs JiangSheng 66104
- [Hipsec-rg] Key Revocation Issue Oleg Ponomarev
- [Hipsec-rg] Hierarchical HITs Oleg Ponomarev
- [Hipsec-rg] 答复: Key Revocation Issue Zhang Dacheng
- [Hipsec-rg] 答复: Key Revocation Issue Zhang Dacheng
- [Hipsec-rg] Key Revocation Issue Miika Komu
- [Hipsec-rg] Key Revocation Issue Zhang Dacheng
- [Hipsec-rg] 答复: Hierarchical HITs Zhang Dacheng
- [Hipsec-rg] 答复: Hierarchical HITs Teemu Koponen
- [Hipsec-rg] Hierarchical HITs JiangSheng 66104
- [Hipsec-rg] Hierarchical HITs Oleg Ponomarev
- [Hipsec-rg] 答复: Hierarchical HITs Zhang Dacheng
- [Hipsec-rg] Hierarchical HITs JiangSheng 66104
- [Hipsec-rg] Hierarchical HITs Julien Laganier
- [Hipsec-rg] Hierarchical HITs Julien Laganier
- [Hipsec-rg] 答复: Hierarchical HITs Julien Laganier
- [Hipsec-rg] Hierarchical HITs Oleg Ponomarev
- [Hipsec-rg] 答复: Hierarchical HITs Sheng Jiang
- [Hipsec-rg] 答复: 答复: Hierarchical HITs Sheng Jiang
- [Hipsec-rg] 答复: Hierarchical HITs Sheng Jiang
- [Hipsec-rg] Hierarchical HITs Oleg Ponomarev
- [Hipsec-rg] Hierarchical HITs (Was: reverse DNS l… JiangSheng 66104
- [Hipsec-rg] Key Revocation Issue Zhang Dacheng
- [Hipsec-rg] Key Revocation Issue Henderson, Thomas R