[Hipsec-rg] reverse DNS lookups of HITs

shengjiang at huawei.com (JiangSheng 66104) Thu, 15 January 2009 11:05 UTC

From: "shengjiang at huawei.com"
Date: Thu, 15 Jan 2009 19:05:10 +0800
Subject: [Hipsec-rg] reverse DNS lookups of HITs
In-Reply-To: <77F357662F8BFA4CA7074B0410171B6D07B0BC7C@XCH-NW-5V1.nw.nos.boeing.com>
References: <f808bd0c3515b.3515bf808bd0c@huawei.com> <77F357662F8BFA4CA7074B0410171B6D07B0BC7C@XCH-NW-5V1.nw.nos.boeing.com>
Message-ID: <f9f6908d31016.31016f9f6908d@huawei.com>

> Regarding your proposal:
> 
>   For index and resolution purposes, HITs are aggregatable with 
>   management domain tags of arbitrary bit-length, similar to IPv4 
>   addresses under Classless Inter-Domain Routing [RFC4632]. 
> ...
>   The most important security property of HIT is that it is
>   self-certifying (i.e., given a HIT, it is computationally hard to
>   find a Host Identity key that matches the HIT). Although this document
>   limits the hash output to be 94-bit long, it does not affect the
>   self-certifying security property.
> 
> It seems to me that this self-certifying property is lost if one
> prepends an unsecured management domain tag.  There is nothing
> stopping a malicious node from using management domain tags of its
> choosing to evade ACLs that are based on management domain tags.

You are right here.

However, as it is an ongoing proposal, we are planning to improve this in the future version, by including management domain tag as a part of input for hash algorithm. This will bind management domain tag with other security properties, like what CGA does. Hence, the ACL that is based on management domain tags can verify a HHIT (for example, using trust anchor, etc.) without recording every HIT in its list.

Best regards,

Sheng
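
The difference discussed in this message, between a tag prepended to a hash and a tag included in the hash input, as an added example that is not part of the original message or of the draft. The 128-bit `tag || hash` layout, SHA-256, the length-prefixed tag encoding and all function names are assumptions made for illustration; the draft's actual format is not reproduced here.

```python
import hashlib

ID_BITS = 128  # constructed layout (assumption): tag || truncated hash


def _trunc_hash(data: bytes, bits: int) -> int:
    """Leftmost `bits` bits of SHA-256(data) as an integer."""
    digest = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return digest >> (256 - bits)


def make_hhit(pubkey: bytes, tag: int, tag_bits: int, bind_tag: bool) -> int:
    """Build tag || hash. With bind_tag, the tag and its length feed the hash."""
    if not 0 < tag_bits < ID_BITS or tag >> tag_bits:
        raise ValueError("tag does not fit in tag_bits")
    hash_bits = ID_BITS - tag_bits
    prefix = b""
    if bind_tag:
        # Length-prefix the tag so tags of different bit-lengths cannot collide.
        prefix = bytes([tag_bits]) + tag.to_bytes((tag_bits + 7) // 8, "big")
    return (tag << hash_bits) | _trunc_hash(prefix + pubkey, hash_bits)


def verify_hhit(hhit: int, pubkey: bytes, tag_bits: int, bind_tag: bool) -> bool:
    """Recompute the identifier from the claimed key and the tag it carries."""
    tag = hhit >> (ID_BITS - tag_bits)
    return make_hhit(pubkey, tag, tag_bits, bind_tag) == hhit


def retag(hhit: int, new_tag: int, tag_bits: int) -> int:
    """Replace only the tag field, leaving the hash field untouched."""
    hash_bits = ID_BITS - tag_bits
    return (new_tag << hash_bits) | (hhit & ((1 << hash_bits) - 1))


def acl_allows(hhit, pubkey, tag_bits, allowed_tags, bind_tag):
    """ACL keyed on tags: accept only a verified identifier with a listed tag."""
    tag = hhit >> (ID_BITS - tag_bits)
    return tag in allowed_tags and verify_hhit(hhit, pubkey, tag_bits, bind_tag)
```

Binding makes a changed tag field fail verification; it does not decide whether a node was entitled to the tag it generated its identifier with, which still needs an authority check such as the trust anchor mentioned in the message. Proof of possession of the private key is also outside this sketch.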