[Hipsec-rg] 答复: Hierarchical HITs

julien.laganier.ietf at googlemail.com (Julien Laganier) Sat, 17 January 2009 06:02 UTC

From: "julien.laganier.ietf at googlemail.com"
Date: Fri, 16 Jan 2009 23:02:41 -0700
Subject: [Hipsec-rg] 答复: Hierarchical HITs
In-Reply-To: <1CC9CAD8FB744ADA82C9A6F4C2AC8B03@JiangXiong>
References: <f832f99e32cca.32ccaf832f99e@huawei.com> <alpine.LFD.2.00.0901152346540.17180@stargazer.pc.infrahip.net> <1CC9CAD8FB744ADA82C9A6F4C2AC8B03@JiangXiong>
Message-ID: <49717481.5030205@googlemail.com>

Sheng Jiang wrote:
>>>>>> I.e. when I change my network provider I will have to change the "HIP
>>>>>> management domain" part in HIT?
>> Sheng, thank you for such a long explanation, but I meant the following
>> example.
>>
>> A customer does not want to pay anymore to Provider_A, whose management
>> tag she has in her HHIT, but Provider_A does the mapping/etc service for
>> her HHIT. So the customer will have to change her identifier (HHIT) in
>> this case, right?
>>
>> I just do not see the reasons to have a new hierarchical space of
>> identifiers. We already have the Internet address space, domain names, SSL
>> certificates and so on. Of course, I might be wrong.
> 
> Yes, we have so many hierarchical identifiers already. They are hierarchical
> for reasons: aggregative, even more important for management purpose. This
> is particularly important for host identity. Will any country allow entrance
> of a man whose identity card is issued by himself only? Will BT give
> services access to a host/device that has its own arbitrary identity? The
> purpose of an identity is to identify itself, the most important, its
> belonging. Our proposal embeds this belonging information into HIT, make the
> HIT meaningful. The receiver or network management plane can easily validate
> it.

Hello Sheng,

If my identifier is bound with one entity in the hierarchy, then I'm
wondering what would be the advantage of using HHIT over traditional DNS
names?

--julien