[Hipsec-rg] discussion of draft-lee-hip-object-01

gmlee at icu.ac.kr (Gyu Myoung Lee) Mon, 15 December 2008 12:11 UTC

From: "gmlee at icu.ac.kr"
Date: Mon, 15 Dec 2008 13:11:53 +0100
Subject: [Hipsec-rg] discussion of draft-lee-hip-object-01
In-Reply-To: <77F357662F8BFA4CA7074B0410171B6D07B0BBB9@XCH-NW-5V1.nw.nos.boeing.com>
References: <77F357662F8BFA4CA7074B0410171B6D07B0BB86@XCH-NW-5V1.nw.nos.boeing.com> <493D5698.9090307@hiit.fi> <002701c959d0$ba69df20$2f3d9d60$@gov> <77F357662F8BFA4CA7074B0410171B6D07B0BBB0@XCH-NW-5V1.nw.nos.boeing.com> <4940D304.8030706@hiit.fi> <004101c95b80$aa95b810$ffc12830$@ac.kr> <77F357662F8BFA4CA7074B0410171B6D07B0BBB9@XCH-NW-5V1.nw.nos.boeing.com>
Message-ID: <023301c95eae$532cb890$f98629b0$@ac.kr>

Dear All

See detailed answers on questions.

- who (which software processes) is communicating with whom?  A software
process on an RFID reader talking with a centralized controller or
inventory manager, for instance?

A HIP Initiator can be an RFID reader which is connected to an RFID tag (object)
using an air interface, and the HIP Responder can be the information server which
stores all the information of RFID tags. And then, if this information server
has the role of a HIP rendezvous server, a client can directly connect to an
object behind the RFID reader.

- does the RFID reader have a host identity that maps to many object
identities, or is it one-to-one?

The RFID reader has a one-to-many mapping relationship. So, a host identity of
an RFID reader maps onto many object identities.

- how is the binding between object identity and host identity secured,
if at all?

For this point, I do not have any idea at this moment.

- what would be the syntax of representing the Object ID (RFID) in the
HIP protocol data structures?

There is an EPC (Electronic Product Code) for an RFID tag. An EPC is simply a
number assigned to an RFID tag, representative of an actual electronic
product code. Their value is that they have been carefully characterized and
categorized to embed certain meanings within their structure, which includes a
header, EPC manager number, object class number, and serial number.

- are you concerned about the use case of HIP running over a network
that is not IP-based?  If so, what is HIP establishing if not IPsec
security associations?

For IPsec security associations, HIP will definitely be terminated at the
RFID reader because HIP should be tightly coupled with the network layer.
Similarly to objects inside a server, although each object is located remotely
through the air interface with the RFID reader, we would like to consider the
RFID reader and tag virtually as the same node.
In this case, we can consider two solutions.
One is to put a new name space (i.e., object identity) on top of HIP with the
RFID reader. This is the same as case #1 in our document.
The other is that the object identity replaces the host identity on top of the
network layer of the RFID reader, as we originally suggested (case #2). However,
if we keep the existing Host_ID as we discussed, this one should be reviewed one
more time.

Gyu Myoung Lee

-----Original Message-----
From: Henderson, Thomas R [mailto:thomas.r.henderson at boeing.com] 
Sent: Friday, December 12, 2008 5:36 PM
To: Gyu Myoung Lee
Cc: skjo at etri.re.kr; jkchoi at icu.ac.kr; hipsec-rg at listserv.cybertrust.com
Subject: RE: [Hipsec-rg] discussion of draft-lee-hip-object-01


> -----Original Message-----
> From: Gyu Myoung Lee [mailto:gmlee at icu.ac.kr] 
> Sent: Thursday, December 11, 2008 3:07 AM
> To: miika.komu at hiit.fi; Henderson, Thomas R
> Cc: skjo at etri.re.kr; jkchoi at icu.ac.kr; gmlee at icu.ac.kr; 
> hipsec-rg at listserv.cybertrust.com
> Subject: RE: [Hipsec-rg] discussion of draft-lee-hip-object-01
> 
> 
> Dear All
> 
> Originally I proposed the extension of "endpoint" to all
> objects so that each object would be a host. So, I suggested a new
> object identity for replacing the host identity.
> 
> However, I am not in favor of specific solutions. The most
> important thing is to accomplish the same goals for
> object-to-object communications.
> 
> If our proposal has some problems in particular security
> aspects and we want to keep the existing Host_ID, as Tom suggested,
> specifying a new Domain Identifier format for the Object ID can be
> one of the good solutions for the same objective. In this case, we
> can also get mapping information for each object.

OK, then, a next question I have is how you would envision a specific
use case to be handled.  You had mentioned previously an RFID tag as an
example object.  Typically, these are read by an RFID reader, which I
presume would be the endpoint of communications.  

- who (which software processes) is communicating with whom?  A software
process on an RFID reader talking with a centralized controller or
inventory manager, for instance?
- does the RFID reader have a host identity that maps to many object
identities, or is it one-to-one?
- how is the binding between object identity and host identity secured,
if at all?
- what would be the syntax of representing the Object ID (RFID) in the
HIP protocol data structures?
- are you concerned about the use case of HIP running over a network
that is not IP-based?  If so, what is HIP establishing if not IPsec
security associations?

I think that if you could sketch out with some detail how you envision
one of these specific use cases for your proposal, it would help me and
others to better understand what you would like to see specified.

Tom
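As an added illustration (not part of this thread or of the draft), the following shows how the EPC structure described above (header, manager number, object class number, serial number) can be parsed from a 96-bit GID tag and then carried as the Domain Identifier of a HIP HOST_ID parameter, which is the option Tom raised; the reader's host identity stays as it is and the object identity rides alongside it. The GID-96 field layout follows the EPC Tag Data Standard and the HOST_ID layout follows RFC 5201; the DI-type value 0xF, the sample EPC and the dummy host-identity bytes are constructed placeholders, not assigned values.

```python
from dataclasses import dataclass
import struct

GID96_HEADER = 0x35  # EPC Tag Data Standard header value for GID-96


@dataclass(frozen=True)
class Gid96:
    manager: int       # General Manager Number, 28 bits
    object_class: int  # Object Class, 24 bits
    serial: int        # Serial Number, 36 bits

    def urn(self) -> str:
        # Pure-identity URN form of the tag, usable as a printable Object ID
        return f"urn:epc:id:gid:{self.manager}.{self.object_class}.{self.serial}"


def parse_gid96(epc_hex: str) -> Gid96:
    """Split a 96-bit GID EPC into header, manager, object class and serial."""
    raw = bytes.fromhex(epc_hex)
    if len(raw) != 12:
        raise ValueError("GID-96 EPC must be exactly 96 bits")
    bits = int.from_bytes(raw, "big")
    header = bits >> 88                      # bits 95..88
    if header != GID96_HEADER:
        raise ValueError(f"not a GID-96 header: 0x{header:02x}")
    return Gid96(manager=(bits >> 60) & 0xFFFFFFF,       # bits 87..60
                 object_class=(bits >> 36) & 0xFFFFFF,  # bits 59..36
                 serial=bits & 0xFFFFFFFFF)             # bits 35..0


HOST_ID_TYPE = 705    # HOST_ID parameter type, RFC 5201 section 5.2.8
DI_TYPE_OBJECT = 0xF  # placeholder DI-type for an Object ID; not assigned by any RFC


def build_host_id_param(host_identity: bytes, object_urn: str) -> bytes:
    """Encode a HOST_ID parameter whose Domain Identifier is the object URN.

    HOST_ID appears in R1/I2 under the sender's HIP_SIGNATURE, so the
    HI-to-object binding is only as trustworthy as the reader that signs it.
    """
    di = object_urn.encode("ascii")
    body = (struct.pack("!HH", len(host_identity), (DI_TYPE_OBJECT << 12) | len(di))
            + host_identity + di)
    param = struct.pack("!HH", HOST_ID_TYPE, len(body)) + body  # Length excludes padding
    return param + b"\x00" * (-len(param) % 8)                  # pad to 8-octet boundary


if __name__ == "__main__":
    tag = parse_gid96("350ABCDEF123456000000042")  # constructed sample EPC
    print(tag.urn(), build_host_id_param(b"\x01\x02\x03\x04", tag.urn()).hex())
```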