[Hipsec-rg] Hierarchical HITs

julien.laganier.ietf at googlemail.com (Julien Laganier) Sat, 17 January 2009 06:02 UTC

From: "julien.laganier.ietf at googlemail.com"
Date: Fri, 16 Jan 2009 23:02:59 -0700
Subject: [Hipsec-rg] Hierarchical HITs
In-Reply-To: <D8E864423971478CBA743BECAE60EB4E@JiangXiong>
References: <f832f99e32cca.32ccaf832f99e@huawei.com> <alpine.LFD.2.00.0901152346540.17180@stargazer.pc.infrahip.net> <1CC9CAD8FB744ADA82C9A6F4C2AC8B03@JiangXiong> <49715DE2.9010603@laposte.net> <D8E864423971478CBA743BECAE60EB4E@JiangXiong>
Message-ID: <49717493.4010104@googlemail.com>

Sheng Jiang wrote:
>> Sheng Jiang wrote:
>>>> [...]
>>>>
>>>> I just do not see the reasons to have a new hierarchical space of
>>>> identifiers. We already have the Internet address space, domain names, SSL
>>>> certificates and so on. Of course, I might be wrong.
>>>
>>> Yes, we have so many hierarchical identifiers already. They are hierarchical
>>> for reasons: aggregation and, even more important, management purposes. This
>>> is particularly important for host identity. Will any country allow entrance
>>> of a man whose identity card is issued by himself only? Will BT give
>>> services access to a host/device that has its own arbitrary identity?
>>> The purpose of an identity is to identify itself and, most importantly, its
>>> belonging. Our proposal embeds this belonging information into the HIT, making
>>> the HIT meaningful. The receiver or network management plane can easily
>>> validate it.
>>
>> If my identifier is bound with one entity in the hierarchy, then I'm
>> wondering what would be the advantage of using HHIT over traditional DNS
>> names?
> 
> Good question, Julien. However, why do we have to use HHIT over DNS?

You might have misunderstood my question. My question was, if my
identifier is bound with one entity in the hierarchy, what would be the
advantage of using HHIT as host identifiers, compared to using DNS names
as host identifiers?

> To my understanding, because the flat-structure HIT lacks hierarchy, the best
> way to use it is with the hierarchical domain name system. It is different for
> the HHIT case. The Hierarchical HIT can be used alone. With its HIP management
> tag, a HHIT can have most of the meaning of a domain name, except only that it is
> non-human-readable.

This is exactly the point; if a HHIT has the limitation that:

- it is bound with one entity in the hierarchy compared to a plain HIT
(like a DNS name is)

- is not human readable compared to a DNS name (like a HIT is)

Then why should I use a HHIT as a host identifier? I'm getting all of
the disadvantages of HIT (not readable) or DNS name (bound to an entity
in the hierarchy) but none of their respective advantages, i.e., not
being bound to an entity, or being readable...

> It can be mapped to locator directly.

Not sure I understand what you mean by 'directly' here... If you mean
that I do not need to interrogate more than one system to be able to
contact a node, AFAICS a plain domain name also has this property.

Cheers,

--julien