[Hipsec-rg] Reply: Key Revocation Issue

zhangdacheng at huawei.com (Zhang Dacheng) Thu, 22 January 2009 02:43 UTC

From: "zhangdacheng at huawei.com"
Date: Thu, 22 Jan 2009 10:43:02 +0800
Subject: [Hipsec-rg] Reply: Key Revocation Issue
In-Reply-To: <alpine.LFD.2.00.0901211720370.17180@stargazer.pc.infrahip.net>
Message-ID: <002001c97c3b$255a9d60$480c6f0a@china.huawei.com>


I agree that it is an intuitive solution to solve the key revocation issue
with DNS. However, my concern is whether it is reasonable for us to assume
that every host has a FQDN. If yes, the importance of HIP is largely
weakened. We can use FQDN rather than HI to achieve the separation of ID
from Locator. If no, we need to consider the key revocation issue for the
hosts which do not have FQDNs since every host more or less needs to deal
with this problem. That is why I mentioned that maybe the functionality of
the RVS server needs to be enhanced.

These are just my personal opinions. Hope to have further discussions on this.

Best regards


> -----Original Message-----
> From: Oleg Ponomarev [mailto:oleg.ponomarev at hiit.fi]
> Sent: 21 January 2009 23:31
> To: Zhang Dacheng
> Cc: hipsec-rg at listserv.cybertrust.com
> Subject: Re: [Hipsec-rg] Key Revocation Issue
> Hello! On Wed, 21 Jan 2009, Zhang Dacheng wrote:
> > DNS server cannot directly be used to help a user holding an antique
> > HIT access the host whose HIT has been changed, unless the user has 
> > got the FQDN (by reverse DNS lookup of HITs maybe) in advance.
> Why would a _user_ need to access the host by its HIT? This is
> required for legacy applications, but people should operate 
> with domain names, IMHO.
> --
> Regards, Oleg.