[Hipsec-rg] meeting minutes posted

oleg.ponomarev at hiit.fi (Oleg Ponomarev) Mon, 12 January 2009 16:15 UTC

From: "oleg.ponomarev at hiit.fi"
Date: Mon, 12 Jan 2009 18:15:39 +0200
Subject: [Hipsec-rg] meeting minutes posted
In-Reply-To: <77F357662F8BFA4CA7074B0410171B6D07B0BC6B@XCH-NW-5V1.nw.nos.boeing.com>
References: <77F357662F8BFA4CA7074B0410171B6D07B0BBE5@XCH-NW-5V1.nw.nos.boeing.com> <alpine.LFD.2.00.0901071641330.12787@stargazer.pc.infrahip.net> <77F357662F8BFA4CA7074B0410171B6D07B0BC6B@XCH-NW-5V1.nw.nos.boeing.com>
Message-ID: <alpine.LFD.2.00.0901121802320.17180@stargazer.pc.infrahip.net>

Hi!

On Mon, 12 Jan 2009, Henderson, Thomas R wrote:

> There was some discussion of this about two years ago, when the HIP
> drafts went through secdir review.  See, for instance, this thread:

Thanks for the refs!

>> Actually it would be useful to have IPv6 address space reserved for HIP
>> only, then we could have ip6.arpa pointers etc
>
> In some sense, we have some address space reserved in 2001:10::/28
> (RFC4843).

Yes, but it is common to all types of ORCHID. Therefore, if HIP is
required to modify the ip6.arpa records, it may cause trouble.

> But how do you view that delegation might work in this space, using 
> HITs?

I implemented an access policy for BIND9 (a small patch from the HIPL
source is needed) that allows DNS updates to 1.0.0.1.0.0.2.ip6.arpa iff
they are sent from HITs. So the Host Identifiers themselves are used as
keys to authenticate the updater.

For example, only 2001:1e:574e:2505:264a:b360:d8cc:1d75 is allowed to 
modify 5.7.d.1.c.c.8.d.0.6.3.b.a.4.6.2.5.0.5.2.e.4.7.5.e.1.0.0.1.0.0.2.IP6.ARPA
PTRs

/* aeris.hiit-nrg.net runs named with that patch */

-- 
Regards, Oleg.
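
The name-matching rule described in the message above, as an added example that is not part of the original post and is not the BIND9/HIPL patch itself. The function names `normalize`, `reverse_name` and `update_allowed` are hypothetical, and the source address is assumed to have been authenticated by the HIP layer before this check runs.

```python
import ipaddress

# ORCHID prefix from RFC 4843, as cited in the thread; HITs live in this space.
ORCHID_PREFIX = ipaddress.IPv6Network("2001:10::/28")
# Reverse zone named in the message (the 7 nibbles of the /28 prefix, reversed).
ORCHID_REVERSE_ZONE = "1.0.0.1.0.0.2.ip6.arpa"


def normalize(name: str) -> str:
    """DNS names compare case-insensitively; drop the optional root dot."""
    return name.rstrip(".").lower()


def reverse_name(addr: str) -> str:
    """ip6.arpa owner name for an IPv6 address (32 reversed nibbles)."""
    return ipaddress.IPv6Address(addr).reverse_pointer


def update_allowed(source: str, owner_name: str) -> bool:
    """Hypothetical policy check: a sender may touch only its own PTR name.

    Assumes `source` is the peer address of an update that the HIP layer
    has already authenticated; this function does no cryptography itself.
    """
    try:
        src = ipaddress.IPv6Address(source)
    except ValueError:
        return False                      # IPv4 or malformed source
    if src not in ORCHID_PREFIX:
        return False                      # not a HIT, so no update rights
    target = normalize(owner_name)
    if not target.endswith("." + ORCHID_REVERSE_ZONE):
        return False                      # outside the delegated zone
    return target == src.reverse_pointer  # exact match, never a suffix match


if __name__ == "__main__":
    hit = "2001:1e:574e:2505:264a:b360:d8cc:1d75"    # HIT from the message
    other = "2001:1e:574e:2505:264a:b360:d8cc:1d76"  # constructed neighbour
    print(update_allowed(hit, reverse_name(hit).upper() + "."))
    print(update_allowed(other, reverse_name(hit)))
    print(update_allowed("2001:db8::1", reverse_name(hit)))
```

The exact-match comparison is the part that matters: a suffix or prefix-length match would let one HIT rewrite PTR records belonging to others in the same zone.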