IETF Logo Mail Archive

Re: [hiprg] draft-ahrenholz-hiprg-dht-05

Andrei Gurtov <gurtov@hiit.fi> Mon, 26 October 2009 09:00 UTC

Return-Path: <gurtov@hiit.fi>
X-Original-To: hiprg@core3.amsl.com
Delivered-To: hiprg@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 8F57F28C208 for <hiprg@core3.amsl.com>; Mon, 26 Oct 2009 02:00:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ihCgvAe0GP8Z for <hiprg@core3.amsl.com>; Mon, 26 Oct 2009 02:00:29 -0700 (PDT)
Received: from argo.otaverkko.fi (argo.otaverkko.fi [212.68.0.2]) by core3.amsl.com (Postfix) with ESMTP id 1DB7428C19C for <hiprg@irtf.org>; Mon, 26 Oct 2009 02:00:27 -0700 (PDT)
Received: from [88.193.91.76] (dsl-hkibrasgw3-ff5bc100-76.dhcp.inet.fi [88.193.91.76]) by argo.otaverkko.fi (Postfix) with ESMTP id 6175A25ED0E; Mon, 26 Oct 2009 11:00:39 +0200 (EET)
Message-ID: <4AE56537.9010309@hiit.fi>
Date: Mon, 26 Oct 2009 11:00:39 +0200
From: Andrei Gurtov <gurtov@hiit.fi>
User-Agent: Thunderbird 2.0.0.22 (Windows/20090605)
MIME-Version: 1.0
To: "Henderson, Thomas R" <thomas.r.henderson@boeing.com>
References: <0DF156EE7414494187B087A3C279BDB404AD7C9D@XCH-NW-6V1.nw.nos.boeing.com> <AAF2CBF9D2573B45A7ED75C4FFD9883F4B9515A0E7@XCH-NW-10V.nw.nos.boeing.com>
In-Reply-To: <AAF2CBF9D2573B45A7ED75C4FFD9883F4B9515A0E7@XCH-NW-10V.nw.nos.boeing.com>
X-Enigmail-Version: 0.96.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Cc: Ken Rimey <rimey@hiit.fi>, "hiprg@irtf.org" <hiprg@irtf.org>
Subject: Re: [hiprg] draft-ahrenholz-hiprg-dht-05
X-BeenThere: hiprg@irtf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "Host Identity Protocol \(HIP\) Research Group" <hiprg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/listinfo/hiprg>, <mailto:hiprg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/hiprg>
List-Post: <mailto:hiprg@irtf.org>
List-Help: <mailto:hiprg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/hiprg>, <mailto:hiprg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 26 Oct 2009 09:00:31 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Thanks for comments, Tom.
To me this draft looks quite mature and ready for publication.
Ken Rimey also implemented this draft as an interface for a GoogleApp as
well as standalone server. So it should be quite reasonable interface.
Do you Ken have any change requests or suggestions?

Andrei

Henderson, Thomas R wrote:
> 
>> -----Original Message-----
>> From: Ahrenholz, Jeffrey M
>> Sent: Wednesday, September 09, 2009 12:10 PM
>> To: hiprg@irtf.org
>> Subject: [hiprg] draft-ahrenholz-hiprg-dht-05
>>
>> The DHT draft has been updated to
>> draft-ahrenholz-hiprg-dht-05. Here are
>> the changes:
>> - Reordered Sections 3.2 and 3.1, since the HIT lookup normally occurs
>>   before the address lookup.
>> - Added text about why two separate lookups are defined.
>> - Added text pertaining to the OpenDHT service retiring.
> 
> Jeff,
> Here are a few questions/comments on the DHT draft:
> 
> 1) "The current DNS system does not provide a suitable lookup mechanism for these flat, random values, and has been heavily optimized for address lookup."
> 
> Oleg Ponomarev's draft (draft-ponomarev-hip-hit2ip-04.txt) suggests that DNS could be used in some situations, so maybe this statement needs to be relaxed, and a reference added.
> 
> 2) In section 3, regarding the HIT lookup service, should we allow somehow for the possible extension that a user could put a name record that also had a certificate that bound the name to a HIT?  This may allow security to be introduced into this service, such as:  1) when the server authenticates the put() based on certificate, or 2) when the client authenticates the name-to-HIT binding based on certificate retrieved.
> 
> 3) is it possible for a put() to fail?  If so, how should an implementation handle that event?
> 
> 4) Section 4:  "Note that this HDRR format is different than the HIP RR used by the Domain Name System as defined in [RFC5205]."  It may be helpful to mention here that the reason it is different is that it is a different record from a functional point of view:  in DNS, the query key is a FQDN, and the return value is a HIT, while here, the query key is a HIT.
> 
> 5) Should the reader of this HDRR verify that the SRC HIT and DST HIT values are correct, and discard if not, or be permissive about these values?
> 
> 6) In the last paragraph of section 4, it starts to describe HIP-aware DHT behavior, but then says that it is out of scope.  What would be required to go ahead and specify the HIP aware interface in this draft?  In this case, the put() may fail (see #3 above) and this failure would need to be conveyed to the client somehow.  Is there anything else required to extend the scope to also allow for HIP-aware DHT servers?
> 
> 7) Section 5's title could probably just be simplified to read "Use Cases"
> 
> - Tom
> _______________________________________________
> hiprg mailing list
> hiprg@irtf.org
> https://www.irtf.org/mailman/listinfo/hiprg
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkrlZTcACgkQP7jp0uceFkRdiACg2s4dWHH5Z0XFtXHrvGXJmu5W
l2cAnA3Z2wiihY2W5dzt8THyveAt0OEZ
=Iz3/
-----END PGP SIGNATURE-----

v2.23.0 | Report a Bug | By Email