[Hipsec-rg] Hierarchical HITs

shengjiang at huawei.com (JiangSheng 66104) Mon, 19 January 2009 22:09 UTC

From: "shengjiang at huawei.com"
Date: Tue, 20 Jan 2009 06:09:58 +0800
Subject: [Hipsec-rg] Hierarchical HITs
In-Reply-To: <49717DCD.7050903@googlemail.com>
References: <f832f99e32cca.32ccaf832f99e@huawei.com> <alpine.LFD.2.00.0901152346540.17180@stargazer.pc.infrahip.net> <1CC9CAD8FB744ADA82C9A6F4C2AC8B03@JiangXiong> <49715DE2.9010603@laposte.net> <D8E864423971478CBA743BECAE60EB4E@JiangXiong> <49717246.2060004@laposte.net> <5727D3BB8C774649A5AC98E897EABB1C@JiangXiong> <49717DCD.7050903@googlemail.com>
Message-ID: <f972bd2c3e244.3e244f972bd2c@huawei.com>

Hi, Julien,

First of all, I have no objection that DNS names may be used as host identifiers in some scenarios.

Then, compared with DNS, HHIT has at least two major advantages, as far as I understand and consider: one, HHIT has embedded security information and is easy to verify; two, HHIT is numeric with a fixed length. It is much simpler and more effective for a host to process.

Cheers,

Sheng

----- Original Message -----
From: Julien Laganier <julien.laganier.ietf at googlemail.com>
Date: Saturday, January 17, 2009 6:42 am
Subject: Re: [Hipsec-rg]  Hierarchical HITs
To: Sheng Jiang <shengjiang at huawei.com>
Cc: hipsec-rg at listserv.cybertrust.com

> Sheng,
> 
> Sheng Jiang wrote:
> >> This is exactly the point; If a HHIT has the limitation that:
> >>
> >> - it is bound with one entity in the hierarchy compared to a plain HIT
> >> (like a DNS name is)
> >>
> >> - is not human readable compared to a DNS name (like a HIT is)
> >>
> >> Then why should I use a HHIT as a host identifier? I'm getting all of
> >> the disadvantages of HIT (not readable) or DNS name (bound to an entity
> >> in the hierarchy) but none of their respective advantages, i.e., not
> >> being bound to an entity, or being readable...
> >
> > I don't think bound to an entity in the hierarchy is a disadvantage at all.
> 
> You haven't replied to my previous question which was "My question was,
> If my identifier is bound with one entity in the hierarchy, what would
> be the advantage of using HHIT as host identifiers, compared to using
> DNS names as host identifiers? "
>
> Now if this is not a disadvantage, and if it's actually the
> functionality that you're searching for, why can't you simply use
> domain names as host identifiers. They have the advantage of being
> human readable, and I do not see any domain name drawback to HHIT...
> 
> --julien
>