[Hipsec-rg] 答复: Key Revocation Issue
zhangdacheng at huawei.com (Zhang Dacheng) Thu, 22 January 2009 02:43 UTC
From: "zhangdacheng at huawei.com"
Date: Thu, 22 Jan 2009 10:43:02 +0800
Subject: [Hipsec-rg] 答复: Key Revocation Issue
In-Reply-To: <alpine.LFD.2.00.0901211720370.17180@stargazer.pc.infrahip.net>
Message-ID: <002001c97c3b$255a9d60$480c6f0a@china.huawei.com>
Hi: I agree that it is an intuitive solution to solve the key revocation issue with DNS. However, my concern is whether it is reasonable for us to assume that every host has a FQDN. If yes, the importance of HIP is largely weakened. We can use FQDN rather than HI to achieve the separation of ID from Locator. If no, we need to consider the key revocation issue for the hosts which do not have FQDNs since every host more or less needs to deal with this problem. That is why I mentioned that maybe the functionality of RVS server needs to be enhanced. It is just my personal opinions. Hope to have further discussions on this topic. Best regards Dacheng > -----????----- > ???: Oleg Ponomarev [mailto:oleg.ponomarev at hiit.fi] > ????: 2009?1?21? 23:31 > ???: Zhang Dacheng > ??: hipsec-rg at listserv.cybertrust.com > ??: Re: [Hipsec-rg] Key Revocation Issue > > Hello! On Wed, 21 Jan 2009, Zhang Dacheng wrote: > > > DNS server cannot directly be used to help a user holding a antique > > HIT access the host whose HIT has been changed, unless the user has > > got the FQDN (by reverse DNS lookup of HITs maybe) in advance. > > Why _user_ would need to access the host by its HIT? This is > required for legacy applications, but people should operate > with domain names, IMHO. > > -- > Regards, Oleg. >
- [Hipsec-rg] Hierarchical HITs Xu Xiaohu
- [Hipsec-rg] 答复: Key Revocation Issue Zhang Dacheng
- [Hipsec-rg] Key Revocation Issue Henderson, Thomas R
- [Hipsec-rg] re: 答复: 答复: Key Revocation Issue Xu Xiaohu
- [Hipsec-rg] 答复: 答复: Key Revocation Issue Andrew McGregor
- [Hipsec-rg] 答复: 答复: Key Revocation Issue Zhang Dacheng
- [Hipsec-rg] 答复: Key Revocation Issue Scott Brim
- [Hipsec-rg] 答复: Key Revocation Issue Zhang Dacheng
- [Hipsec-rg] Hierarchical HITs JiangSheng 66104
- [Hipsec-rg] Key Revocation Issue Oleg Ponomarev
- [Hipsec-rg] Hierarchical HITs Oleg Ponomarev
- [Hipsec-rg] 答复: Key Revocation Issue Zhang Dacheng
- [Hipsec-rg] 答复: Key Revocation Issue Zhang Dacheng
- [Hipsec-rg] Key Revocation Issue Miika Komu
- [Hipsec-rg] Key Revocation Issue Zhang Dacheng
- [Hipsec-rg] 答复: Hierarchical HITs Zhang Dacheng
- [Hipsec-rg] 答复: Hierarchical HITs Teemu Koponen
- [Hipsec-rg] Hierarchical HITs JiangSheng 66104
- [Hipsec-rg] Hierarchical HITs Oleg Ponomarev
- [Hipsec-rg] 答复: Hierarchical HITs Zhang Dacheng
- [Hipsec-rg] Hierarchical HITs JiangSheng 66104
- [Hipsec-rg] Hierarchical HITs Julien Laganier
- [Hipsec-rg] Hierarchical HITs Julien Laganier
- [Hipsec-rg] 答复: Hierarchical HITs Julien Laganier
- [Hipsec-rg] Hierarchical HITs Oleg Ponomarev
- [Hipsec-rg] 答复: Hierarchical HITs Sheng Jiang
- [Hipsec-rg] 答复: 答复: Hierarchical HITs Sheng Jiang
- [Hipsec-rg] 答复: Hierarchical HITs Sheng Jiang
- [Hipsec-rg] Hierarchical HITs Oleg Ponomarev
- [Hipsec-rg] Hierarchical HITs (Was: reverse DNS l… JiangSheng 66104
- [Hipsec-rg] Key Revocation Issue Zhang Dacheng
- [Hipsec-rg] Key Revocation Issue Henderson, Thomas R