[Hipsec-rg] meeting minutes posted

oleg.ponomarev at hiit.fi (Oleg Ponomarev) Mon, 12 January 2009 19:38 UTC

From: "oleg.ponomarev at hiit.fi"
Date: Mon, 12 Jan 2009 21:38:24 +0200
Subject: [Hipsec-rg] meeting minutes posted
In-Reply-To: <77F357662F8BFA4CA7074B0410171B6D07B0BC70@XCH-NW-5V1.nw.nos.boeing.com>
References: <77F357662F8BFA4CA7074B0410171B6D07B0BBE5@XCH-NW-5V1.nw.nos.boeing.com> <alpine.LFD.2.00.0901071641330.12787@stargazer.pc.infrahip.net> <77F357662F8BFA4CA7074B0410171B6D07B0BC6B@XCH-NW-5V1.nw.nos.boeing.com> <alpine.LFD.2.00.0901121802320.17180@stargazer.pc.infrahip.net> <77F357662F8BFA4CA7074B0410171B6D07B0BC70@XCH-NW-5V1.nw.nos.boeing.com>
Message-ID: <alpine.LFD.2.00.0901122112420.17180@stargazer.pc.infrahip.net>

Greetings! On Mon, 12 Jan 2009, Henderson, Thomas R wrote:

>> For example, only 2001:1e:574e:2505:264a:b360:d8cc:1d75 is allowed to 
>> modify 5.7.d.1.c.c.8.d.0.6.3.b.a.4.6.2.5.0.5.2.e.4.7.5.e.1.0.0.1.0.0. 
>> 2.IP6.ARPA PTRs
>
> Functionally, I see how that can work, but operationally, do you propose 
> that the five root servers of ip6.arpa implement and maintain this? Or, 
> presuming that there is a HIP-specific allocation in the future, that 
> there is a global root nameserver or set of nameservers for this HIT 
> space?

The latter, i.e. get delegation for 1.0.0.1.0.0.2.IP6.ARPA (or whatever):
1.0.0.1.0.0.2.IP6.ARPA. 172800	IN	NS	A.OUR-SERVERS.NET.
1.0.0.1.0.0.2.IP6.ARPA. 172800	IN	NS	B.OUR-SERVERS.NET.
1.0.0.1.0.0.2.IP6.ARPA. 172800	IN	NS	C.OUR-SERVERS.NET.

The ip6.arpa nameservers already get those queries when there is a HIP 
connection; they just reply with NXDOMAIN.

Why do we need reverse mapping for HITs in general? I would prefer to see 
a symbolic domain in logs instead of hex addresses, or put *.my-org.com in 
some access list instead of a comma-separated list of HITs and so on.

-- 
Regards, Oleg.
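
The update rule quoted at the top of this message (a HIT may modify only its own PTR name), written out as an added example that is not part of the original message or of any HIP implementation. The function names are hypothetical, and the requester's HIT is assumed to have been authenticated already (for example, because the update arrived over a HIP association).

```python
import ipaddress

# Zone the message proposes to get delegated; it covers 2001:10::/28.
DELEGATED_ZONE = "1.0.0.1.0.0.2.ip6.arpa"


def hit_to_ptr_name(hit: str) -> str:
    """Return the nibble-reversed ip6.arpa owner name for a HIT."""
    # reverse_pointer yields 32 lowercase nibble labels plus "ip6.arpa",
    # without a trailing dot.
    return ipaddress.IPv6Address(hit).reverse_pointer


def normalize(name: str) -> str:
    """DNS names compare case-insensitively; drop the root dot."""
    return name.rstrip(".").lower()


def may_update_ptr(authenticated_hit: str, target_name: str) -> bool:
    """Allow a PTR update only for the name derived from the requester's HIT.

    authenticated_hit: HIT of the peer sending the update (assumed to be
                       verified by the transport; hypothetical parameter).
    target_name:       owner name the update wants to modify.
    """
    try:
        own_name = hit_to_ptr_name(authenticated_hit)
    except ValueError:
        # Not a valid IPv6 literal, so it cannot be a HIT.
        return False
    # The server is authoritative only for the delegated HIT space.
    if not own_name.endswith("." + DELEGATED_ZONE):
        return False
    # A HIT may touch exactly one name: its own reverse name.
    return normalize(target_name) == own_name


if __name__ == "__main__":
    hit = "2001:1e:574e:2505:264a:b360:d8cc:1d75"  # HIT from the message
    print(hit_to_ptr_name(hit))
    print(may_update_ptr(hit, hit_to_ptr_name(hit).upper() + "."))  # own name
    # Constructed neighbour HIT: its PTR is off limits to `hit`.
    other = hit_to_ptr_name("2001:1e:574e:2505:264a:b360:d8cc:1d76")
    print(may_update_ptr(hit, other))
```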