[Hipsec-rg] discussion of draft-lee-hip-object-01

gmlee at icu.ac.kr (Gyu Myoung Lee) Thu, 11 December 2008 11:07 UTC

From: "gmlee at icu.ac.kr"
Date: Thu, 11 Dec 2008 12:07:27 +0100
Subject: [Hipsec-rg] discussion of draft-lee-hip-object-01
In-Reply-To: <4940D304.8030706@hiit.fi>
References: <77F357662F8BFA4CA7074B0410171B6D07B0BB86@XCH-NW-5V1.nw.nos.boeing.com> <493D5698.9090307@hiit.fi> <002701c959d0$ba69df20$2f3d9d60$@gov> <77F357662F8BFA4CA7074B0410171B6D07B0BBB0@XCH-NW-5V1.nw.nos.boeing.com> <4940D304.8030706@hiit.fi>
Message-ID: <004101c95b80$aa95b810$ffc12830$@ac.kr>

Dear All

Originally I proposed the extension of "endpoint" to all objects so that
each object would be a host. So, I suggested a new object identity to
replace the host identity.

However, I am not in favor of specific solutions. The most important thing
is to accomplish the same goals for object-to-object communications.

If our proposal has some problems in particular security aspects and we
want to keep the existing Host_ID, as Tom suggested, specifying a new
Domain Identifier format for the Object ID can be one good solution for
the same objective. In this case, we can also get mapping information for
each object.

Gyu Myoung Lee

-----Original Message-----
From: hipsec-rg-bounces at listserv.cybertrust.com
[mailto:hipsec-rg-bounces at listserv.cybertrust.com] On Behalf Of Miika Komu
Sent: Thursday, December 11, 2008 9:45 AM
To: Henderson, Thomas R
Cc: skjo at etri.re.kr; jkchoi at icu.ac.kr; Gyu Myoung Lee;
hipsec-rg at listserv.cybertrust.com
Subject: Re: [Hipsec-rg] discussion of draft-lee-hip-object-01


Henderson, Thomas R wrote:

Hi,

>> -----Original Message-----
>> From: Gyu Myoung Lee [mailto:gmlee at nist.gov] 
>> Sent: Monday, December 08, 2008 11:36 PM
>> To: miika.komu at hiit.fi; hipsec-rg at listserv.cybertrust.com
>> Cc: jkchoi at icu.ac.kr; skjo at etri.re.kr; gurtov at hiit.fi; 
>> Henderson, Thomas R
>> Subject: RE: [Hipsec-rg] discussion of draft-lee-hip-object-01
>>
>>
>> Dear All,
>>
>> As I already presented at the Minneapolis meeting, there are recent
>> trends in order to specify the object-to-object communications in
>> relevant standardization bodies for future challenging work. Regarding
>> this, although we have alternative solutions, I believe that to extend
>> the current HIP for supporting all objects is the right direction.
>>
>> Currently the basic concept and several considerations, etc. are
>> already specified in this document. However, for more technical
>> details, I expect many experts to actively participate in the drafting
>> work after adopting it as one of the RG items.
> 
> I have a question about this draft, for the authors.
> 
> If I understand correctly, one way to restate the problem is that you
> are interested in extending HIP to allow for objects other than host
> TCP/IP stacks to be named; that you really would like HIP to be extended
> such that "Host" could be extended to include "Object" or as suggested
> at the RG meeting, "Endpoint".  Please clarify if this is an incorrect
> perspective on what you are requesting.
> 
> However (and I think Bob and Andrew made this point at the RG meeting),
> it seems that rather than replace the host identifier with an object
> identifier (which may or may not have cryptographic properties), one
> could perhaps instead ensure that the thing put into the Host Identity
> of the HOST_ID parameter was still a public key, and that the Domain
> Identifier could be changed.
> 
> That is, your draft proposes the following:
> 
>    o Object_ID (newly defined from HOST_ID of HIP) 
> 
>     0                   1                   2                   3 
>     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 
>     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
>     |             Type              |             Length            | 
>     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
>     |          OI Length            |DI-type|      DI Length        | 
>     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
>     |                        Object Identity                        / 
>     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
>     /                               |         Domain Identifier     / 
>     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
>     /                                               |    Padding    | 
>     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
> 
> 
> However, an alternative would be to keep the existing HOST_ID:
> 
> 5.2.8.  HOST_ID
> 
>        0                   1                   2                   3
>        0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
>       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>       |             Type              |             Length            |
>       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>       |          HI Length            |DI-type|      DI Length        |
>       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>       |                         Host Identity                         /
>       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>       /                               |         Domain Identifier     /
>       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>       /                                               |    Padding    |
>       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
> 
> and add the following new DI-type:
> 
>    The following DI-types have been defined:
> 
>           Type                    Value
>           none included           0
>           FQDN                    1
>           NAI                     2
> +         Object ID               3
> 
> and then specify a new Domain Identifier format for the Object ID.
> 
> Would that accomplish the same goal, and if not, why not?  Because if it
> were to accomplish your goal, then HIP (security properties) would not
> really need to be changed as drastically.

I would be in favor of reusing the current format of host ids as 
suggested by Tom.



_______________________________________________
Hipsec-rg mailing list
Hipsec-rg at listserv.cybertrust.com
https://listserv.cybertrust.com/mailman/listinfo/hipsec-rg
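The alternative Tom sketches above keeps the HOST_ID wire format and only adds a DI-type, so the parsing and validation logic stays the one already needed for HIP. The following encoder/decoder is an added example written for this thread, not code from the draft or from any HIP implementation; it assumes the proposed DI-type value 3 for "Object ID", uses HOST_ID type 705 from RFC 5201, and treats the Host Identity as an RFC 4034 DNSKEY-style RDATA header followed by key material. All sample values are constructed.

```python
import struct

HOST_ID_TYPE = 705          # HOST_ID parameter type, RFC 5201 section 5.2.8
DI_TYPES = {0: "none included", 1: "FQDN", 2: "NAI",
            3: "Object ID"}  # 3 is the value proposed in the thread, not a registered DI-type
HI_ALGORITHMS = {3: "DSA", 5: "RSA"}  # DNSKEY algorithm octet of the Host Identity

def build_host_id(hi: bytes, di_type: int, di: bytes) -> bytes:
    """Encode a HOST_ID parameter: Type, Length, HI Length, DI-type|DI Length, HI, DI, padding."""
    if di_type not in DI_TYPES or (di_type == 0) != (di == b""):
        raise ValueError("DI-type and Domain Identifier do not agree")
    if len(hi) > 0xFFFF or len(di) > 0x0FFF:
        raise ValueError("identity too long for 16-bit HI Length / 12-bit DI Length")
    body = struct.pack("!HH", len(hi), (di_type << 12) | len(di)) + hi + di
    # Length counts the contents only; the whole parameter is padded to a multiple of 8 octets.
    param = struct.pack("!HH", HOST_ID_TYPE, len(body)) + body
    return param + b"\x00" * (-len(param) % 8)

def parse_host_id(data: bytes) -> dict:
    """Decode a HOST_ID parameter, rejecting any length field that would read past the buffer."""
    if len(data) < 8:
        raise ValueError("truncated HOST_ID header")
    ptype, plen, hi_len, di_field = struct.unpack("!HHHH", data[:8])
    if ptype != HOST_ID_TYPE:
        raise ValueError("not a HOST_ID parameter")
    di_type, di_len = di_field >> 12, di_field & 0x0FFF
    # Every length field is peer-controlled on the wire: check before slicing.
    if 4 + hi_len + di_len != plen or 4 + plen > len(data):
        raise ValueError("HI Length / DI Length inconsistent with Length or buffer")
    if di_type not in DI_TYPES:
        raise ValueError("unknown DI-type %d" % di_type)
    hi = data[8:8 + hi_len]
    di = data[8 + hi_len:8 + hi_len + di_len]
    # The Host Identity must still be a public key: it carries a 4-octet DNSKEY-style
    # RDATA header (flags, protocol, algorithm) followed by the key material.
    if len(hi) < 4 or hi[3] not in HI_ALGORITHMS:
        raise ValueError("Host Identity is not a recognised public key encoding")
    return {"hi_algorithm": HI_ALGORITHMS[hi[3]], "hi": hi,
            "di_type": DI_TYPES[di_type], "di": di}

# Constructed sample: a 4-octet DNSKEY header claiming RSA plus placeholder key bytes,
# bound to a constructed Object ID carried as the Domain Identifier (proposed DI-type 3).
SAMPLE_HI = b"\x02\x00\x03\x05" + b"\x03\x01\x00\x01" + bytes(range(16))
SAMPLE_OBJECT_ID = b"urn:example:sensor:42"

def roundtrip() -> dict:
    return parse_host_id(build_host_id(SAMPLE_HI, 3, SAMPLE_OBJECT_ID))
```

The point of the bounds checks is that HI Length and DI Length arrive from the peer, so a decoder must verify them against Length and the buffer before slicing, whichever DI-type carries the object name.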