[Hipsec-rg] re: 答复: 答复: Key Revocation Issue

Hi Andrew,

> It isn't reasonable to assume that each host is associated 
> with a FQDN (unless we make it so, for instance by 
> constructing said FQDN out of the HIT), for the majority of 
> devices.  For example, is my cellphone associated with an 
> FQDN?  If so, is that FQDN at all useful for access, 
> identification or authorisation?  Probably not, since it is 
> under the control of the cellphone carrier; they might be 
> able to use it for some of those purposes, but I can't.
> 
> I believe it to be a design goal of HIP that it should be 
> useful without connectivity to the DNS; DNS record formats 
> and packets may be useful, but HIP itself should not require 
> that any host have an FQDN nor any ability to do DNS queries 
> (except perhaps by querying its immediate HIP peers... and 
> even then, only for information about those peers themselves, 
> in zeroconf style).

Thanks for your comment and I agree with your opinion. 

When source host got the HIT of the destination host,  the HIT needs to be
resolved  to locator through some id/locator mapping system. If the HIT has
no organizational structure, who will run this mapping system? Isn't it lack
of business incentive or security/trust boundary? 

Xiaohu

> > Hi,
> >
> > I absolutely agree that FQDNs cannot directly be used for session 
> > authentication etc.  But we need to clarify that the original 
> > objective of designing HIP is separation of IDs and locators rather 
> > than security. I agree security is an important 
> functionality provided 
> > by HIP. But I am not convinced that HITs cannot be taken placed by 
> > FQDNs just because HIT can be used for security purposes. 
> If so, why 
> > cannot we just associate with each FQDN with a PKI 
> certificate? There 
> > has been lots of work on session authentication using certificates. 
> > This solution seems much easier to be achieved than modifying the 
> > protocol stack.
> >
> > In addition, do you have any idea about whether it is reasonable to 
> > assume that each HIP host is associated with a FQDN?
> >
> > Best wishes,
> >
> > Dacheng Zhang
> >
> >
> >> Excerpts from Zhang Dacheng on Thu, Jan 22, 2009 10:43:02AM +0800:
> >>> I agree that it is an intuitive solution to solve the key
> >> revocation
> >>> issue with DNS. However, my concern is whether it is
> >> reasonable for us
> >>> to assume that every host has a FQDN. If yes, the
> >> importance of HIP is
> >>> largely weakened. We can use FQDN rather than HI to achieve the 
> >>> separation of ID from Locator.
> >>
> >> As far as I can see this isn't true.  Different "identification"
> >> functions have different needs.  You can use a FQDN as an 
> identifier 
> >> for initial discovery of a location, but you cannot use it for 
> >> session authentication or control.  To start with you would be 
> >> subject to man-in-the-middle attacks.
> >>
> >> Scott
> >> _______________________________________________
> >> Hipsec-rg mailing list
> >> Hipsec-rg at listserv.cybertrust.com
> >> https://listserv.cybertrust.com/mailman/listinfo/hipsec-rg
> >
> > _______________________________________________
> > Hipsec-rg mailing list
> > Hipsec-rg at listserv.cybertrust.com
> > https://listserv.cybertrust.com/mailman/listinfo/hipsec-rg
> >
> 
> _______________________________________________
> Hipsec-rg mailing list
> Hipsec-rg at listserv.cybertrust.com
> https://listserv.cybertrust.com/mailman/listinfo/hipsec-rg