[Hipsec-rg] 答复: Key Revocation Issue
swb at employees.org (Scott Brim) Thu, 22 January 2009 13:29 UTC
From: "swb at employees.org"
Date: Thu, 22 Jan 2009 08:29:50 -0500
Subject: [Hipsec-rg] 答复: Key Revocation Issue
In-Reply-To: <002001c97c3b$255a9d60$480c6f0a@china.huawei.com>
References: <alpine.LFD.2.00.0901211720370.17180@stargazer.pc.infrahip.net> <002001c97c3b$255a9d60$480c6f0a@china.huawei.com>
Message-ID: <20090122132950.GA1342@cisco.com>
Excerpts from Zhang Dacheng on Thu, Jan 22, 2009 10:43:02AM +0800: > I agree that it is an intuitive solution to solve the key revocation issue > with DNS. However, my concern is whether it is reasonable for us to assume > that every host has a FQDN. If yes, the importance of HIP is largely > weakened. We can use FQDN rather than HI to achieve the separation of ID > from Locator. As far as I can see this isn't true. Different "identification" functions have different needs. You can use a FQDN as an identifier for initial discovery of a location, but you cannot use it for session authentication or control. To start with you would be subject to man-in-the-middle attacks. Scott
- [Hipsec-rg] Hierarchical HITs Xu Xiaohu
- [Hipsec-rg] 答复: Key Revocation Issue Zhang Dacheng
- [Hipsec-rg] Key Revocation Issue Henderson, Thomas R
- [Hipsec-rg] re: 答复: 答复: Key Revocation Issue Xu Xiaohu
- [Hipsec-rg] 答复: 答复: Key Revocation Issue Andrew McGregor
- [Hipsec-rg] 答复: 答复: Key Revocation Issue Zhang Dacheng
- [Hipsec-rg] 答复: Key Revocation Issue Scott Brim
- [Hipsec-rg] 答复: Key Revocation Issue Zhang Dacheng
- [Hipsec-rg] Hierarchical HITs JiangSheng 66104
- [Hipsec-rg] Key Revocation Issue Oleg Ponomarev
- [Hipsec-rg] Hierarchical HITs Oleg Ponomarev
- [Hipsec-rg] 答复: Key Revocation Issue Zhang Dacheng
- [Hipsec-rg] 答复: Key Revocation Issue Zhang Dacheng
- [Hipsec-rg] Key Revocation Issue Miika Komu
- [Hipsec-rg] Key Revocation Issue Zhang Dacheng
- [Hipsec-rg] 答复: Hierarchical HITs Zhang Dacheng
- [Hipsec-rg] 答复: Hierarchical HITs Teemu Koponen
- [Hipsec-rg] Hierarchical HITs JiangSheng 66104
- [Hipsec-rg] Hierarchical HITs Oleg Ponomarev
- [Hipsec-rg] 答复: Hierarchical HITs Zhang Dacheng
- [Hipsec-rg] Hierarchical HITs JiangSheng 66104
- [Hipsec-rg] Hierarchical HITs Julien Laganier
- [Hipsec-rg] Hierarchical HITs Julien Laganier
- [Hipsec-rg] 答复: Hierarchical HITs Julien Laganier
- [Hipsec-rg] Hierarchical HITs Oleg Ponomarev
- [Hipsec-rg] 答复: Hierarchical HITs Sheng Jiang
- [Hipsec-rg] 答复: 答复: Hierarchical HITs Sheng Jiang
- [Hipsec-rg] 答复: Hierarchical HITs Sheng Jiang
- [Hipsec-rg] Hierarchical HITs Oleg Ponomarev
- [Hipsec-rg] Hierarchical HITs (Was: reverse DNS l… JiangSheng 66104
- [Hipsec-rg] Key Revocation Issue Zhang Dacheng
- [Hipsec-rg] Key Revocation Issue Henderson, Thomas R