[Hipsec-rg] Hierarchical HITs
julien.laganier.ietf at googlemail.com (Julien Laganier) Sat, 17 January 2009 06:02 UTC
From: "julien.laganier.ietf at googlemail.com"
Date: Fri, 16 Jan 2009 23:02:59 -0700
Subject: [Hipsec-rg] Hierarchical HITs
In-Reply-To: <D8E864423971478CBA743BECAE60EB4E@JiangXiong>
References: <f832f99e32cca.32ccaf832f99e@huawei.com> <alpine.LFD.2.00.0901152346540.17180@stargazer.pc.infrahip.net> <1CC9CAD8FB744ADA82C9A6F4C2AC8B03@JiangXiong> <49715DE2.9010603@laposte.net> <D8E864423971478CBA743BECAE60EB4E@JiangXiong>
Message-ID: <49717493.4010104@googlemail.com>
Sheng Jiang wrote: >> Sheng Jiang wrote: >>>> [...] >>>> >>>> I just do not see the reasons to have a new hierarchical space of >>>> identifiers. We already have the Internet address space, domain names, SSL >>>> certificates and so on. Of course, I might be wrong. >>> >>> Yes, we have so many hierarchical identifiers already. They are hierarchical >>> for reasons: aggregative, even more important for management purpose. This >>> is particularly important for host identity. Will any country allow entrance >>> of a man whose identity card is issued by himself only? Will BT give >>> services access to a host/device that has its own arbitrary identity? >>> The purpose of an identity is to identify itself, the most important, its >>> belonging. Our proposal embeds this belonging information into HIT, make >>> the HIT meaningful. The receiver or network management plane can easily >>> validate it. >> >> If my identifier is bound with one entity in the hierarchy, then I'm >> wondering what would be the advantage of using HHIT over traditional DNS >> names? > > Good question, Julien. However, why do we have to using HHIT over DNS? You might have misunderstood my question. My question was, If my identifier is bound with one entity in the hierarchy, what would be the advantage of using HHIT as host identifiers, compared to using DNS names as host identifiers? > For my understanding, because flat-structure HIT is lack of hierarchy, the best > way to use it is with hierarchical domain name system. It is different for > HHIT case. The Hierarchical HIT can be used alone. With its HIP management > tag, a HHIT can have most of meaning of a domain name only except that it is > non-human-readable. This is exactly the point; If a HHIT has the limitation that: - it is bound with one entity in the hierarchy compared to a plain HIT (like a DNS name is) - is not human readable compared to a DNS name (like a HIT is) Then why should I use a HHIT as a host identifier? I'm getting all of the disadvantages of HIT (not readable) or DNS name (bound to an entity in the hierarchy) but none of their respective advantages, i.e., not being bound to an entity, or being readble... > It can be mapped to locator directly. Not sure I understand what you mean by 'directly' here... If you mean that I do not need to interogate more than one system to be able to contact a node, AFAICS a plain domain name also has this property. Cheers, --julien
- [Hipsec-rg] Hierarchical HITs Xu Xiaohu
- [Hipsec-rg] 答复: Key Revocation Issue Zhang Dacheng
- [Hipsec-rg] Key Revocation Issue Henderson, Thomas R
- [Hipsec-rg] re: 答复: 答复: Key Revocation Issue Xu Xiaohu
- [Hipsec-rg] 答复: 答复: Key Revocation Issue Andrew McGregor
- [Hipsec-rg] 答复: 答复: Key Revocation Issue Zhang Dacheng
- [Hipsec-rg] 答复: Key Revocation Issue Scott Brim
- [Hipsec-rg] 答复: Key Revocation Issue Zhang Dacheng
- [Hipsec-rg] Hierarchical HITs JiangSheng 66104
- [Hipsec-rg] Key Revocation Issue Oleg Ponomarev
- [Hipsec-rg] Hierarchical HITs Oleg Ponomarev
- [Hipsec-rg] 答复: Key Revocation Issue Zhang Dacheng
- [Hipsec-rg] 答复: Key Revocation Issue Zhang Dacheng
- [Hipsec-rg] Key Revocation Issue Miika Komu
- [Hipsec-rg] Key Revocation Issue Zhang Dacheng
- [Hipsec-rg] 答复: Hierarchical HITs Zhang Dacheng
- [Hipsec-rg] 答复: Hierarchical HITs Teemu Koponen
- [Hipsec-rg] Hierarchical HITs JiangSheng 66104
- [Hipsec-rg] Hierarchical HITs Oleg Ponomarev
- [Hipsec-rg] 答复: Hierarchical HITs Zhang Dacheng
- [Hipsec-rg] Hierarchical HITs JiangSheng 66104
- [Hipsec-rg] Hierarchical HITs Julien Laganier
- [Hipsec-rg] Hierarchical HITs Julien Laganier
- [Hipsec-rg] 答复: Hierarchical HITs Julien Laganier
- [Hipsec-rg] Hierarchical HITs Oleg Ponomarev
- [Hipsec-rg] 答复: Hierarchical HITs Sheng Jiang
- [Hipsec-rg] 答复: 答复: Hierarchical HITs Sheng Jiang
- [Hipsec-rg] 答复: Hierarchical HITs Sheng Jiang
- [Hipsec-rg] Hierarchical HITs Oleg Ponomarev
- [Hipsec-rg] Hierarchical HITs (Was: reverse DNS l… JiangSheng 66104
- [Hipsec-rg] Key Revocation Issue Zhang Dacheng
- [Hipsec-rg] Key Revocation Issue Henderson, Thomas R