[Hipsec-rg] reverse DNS lookups of HITs

andrew at indranet.co.nz (Andrew McGregor) Tue, 13 January 2009 09:38 UTC

From: "andrew at indranet.co.nz"
Date: Tue, 13 Jan 2009 22:38:19 +1300
Subject: [Hipsec-rg] reverse DNS lookups of HITs
In-Reply-To: <alpine.LFD.2.00.0901130935560.17180@stargazer.pc.infrahip.net>
References: <E1LMUy5-00069S-00@alva.home> <alpine.LFD.2.00.0901130935560.17180@stargazer.pc.infrahip.net>
Message-ID: <BC5BEFD4-1EFC-43DB-BD37-55E12F00408E@indranet.co.nz>

On 13/01/2009, at 9:27 PM, Oleg Ponomarev wrote:

> Hello! On Mon, 12 Jan 2009, Tim Shepard wrote:
>
>> I view HITs as very similar to SSH host keys.  And just like we  
>> have no need for a network-wide way of looking up an ssh host key  
>> to find out what host it corresponds to, perhaps we can do without  
>> any network-wide way of looking up a HIT (or HI).
>
> I might have a mistaken view, but usually we only check the presence  
> of the key in the list of authorized/known keys, so we do not need  
> such a lookup.

I think that was exactly the point... we don't need such lookups.

>
>> I think we (myself included) should all go read the FARA paper again:
>>
>> FARA: Reorganizing the Addressing Architecture ( the first of 3  
>> papers at http://www.isi.edu/newarch/fara.html )
>
> I guess it would take some time to deploy a solution which requires  
> new network architecture, when we need something to use now.

Those papers represent some serious research into the implications of  
the architecture.  We've implemented something with HIP, but it seems  
there is disagreement as to the architecture... whether reverse lookups are  
even desirable is an architectural question, after all.  Personally, I  
think there is no need for reverse lookups.

Andrew