Re: [hiprg] RG last call on the DHT draft

Ari Keranen <ari.keranen@nomadiclab.com> Mon, 19 July 2010 11:02 UTC

Return-Path: <ari.keranen@nomadiclab.com>
X-Original-To: hiprg@core3.amsl.com
Delivered-To: hiprg@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id B50CD3A6872 for <hiprg@core3.amsl.com>; Mon, 19 Jul 2010 04:02:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.497
X-Spam-Level:
X-Spam-Status: No, score=-2.497 tagged_above=-999 required=5 tests=[AWL=0.102, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TFc65FJYzlNC for <hiprg@core3.amsl.com>; Mon, 19 Jul 2010 04:02:22 -0700 (PDT)
Received: from gw.nomadiclab.com (unknown [IPv6:2001:14b8:400:101::2]) by core3.amsl.com (Postfix) with ESMTP id 2F5BC3A6861 for <hiprg@irtf.org>; Mon, 19 Jul 2010 04:02:21 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by gw.nomadiclab.com (Postfix) with ESMTP id 213474E6D5; Mon, 19 Jul 2010 14:02:32 +0300 (EEST)
X-Virus-Scanned: amavisd-new at nomadiclab.com
Received: from gw.nomadiclab.com ([127.0.0.1]) by localhost (inside.nomadiclab.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0NsqiaalcIzt; Mon, 19 Jul 2010 14:02:31 +0300 (EEST)
Received: from [IPv6:2001:14b8:400:101:21c:23ff:fe45:a6c1] (unknown [IPv6:2001:14b8:400:101:21c:23ff:fe45:a6c1]) by gw.nomadiclab.com (Postfix) with ESMTP id 90DE04E6CF; Mon, 19 Jul 2010 14:02:31 +0300 (EEST)
Message-ID: <4C4430C7.7060807@nomadiclab.com>
Date: Mon, 19 Jul 2010 14:02:31 +0300
From: Ari Keranen <ari.keranen@nomadiclab.com>
User-Agent: Thunderbird 2.0.0.24 (X11/20100411)
MIME-Version: 1.0
To: "Henderson, Thomas R" <thomas.r.henderson@boeing.com>, "Ahrenholz, Jeffrey M" <jeffrey.m.ahrenholz@boeing.com>
References: <7CC566635CFE364D87DC5803D4712A6C4CE9716436@XCH-NW-10V.nw.nos.boeing.com> <4C4060CD.4040306@nomadiclab.com>
In-Reply-To: <4C4060CD.4040306@nomadiclab.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: "hiprg@irtf.org" <hiprg@irtf.org>
Subject: Re: [hiprg] RG last call on the DHT draft
X-BeenThere: hiprg@irtf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "Host Identity Protocol \(HIP\) Research Group" <hiprg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/listinfo/hiprg>, <mailto:hiprg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/hiprg>
List-Post: <mailto:hiprg@irtf.org>
List-Help: <mailto:hiprg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/hiprg>, <mailto:hiprg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 19 Jul 2010 11:02:23 -0000

Hi,

Here's some more comments on the rest of the DHT draft.


4. HDRR - the HIP DHT Resource Record

    The only other TLV used with the HIT lookup service is an optional
    CERT parameter containing a certificate for validating the name that
    is used as the DHT key.

Missing a reference to the CERT draft.


    The HOST_ID parameter and HIP_SIGNATURE parameter MUST be used with
    the HDRR so that HIP clients receiving the record can validate the
    sender and the included LOCATOR parameter.
[...]
    The client that receives the HDRR from the DHT response MUST perform
    the signature and HIT_KEY verification.

More instances of RFC 2119 language.


5. Use cases

    Also, when there is a change in
    preferred address, usually associated with sending UPDATE packets
    with included locator parameters, the host should update its HDRR
    with the DHT.  The old HDRR should be removed using the rm operation,
    if a secret value was used in the put.

If a secret value was not used, shouldn't the old HDRR be still removed?


    Addresses from the private address space should not be published to
    the DHT.  If the host is located behind a NAT, for example, the host
    could publish the address of its RVS to the DHT if that is how it is
    reachable.

Abbreviations are not expanded (RVS, and perhaps NAT too) and missing a 
reference to the RVS RFC. Since we're talking about NATs, could also 
mention HIP relay and RFC 5770.


Cheers,
Ari