IETF Logo Mail Archive

Re: [Hipsec] New HIP WG charter proposal

Jan Melen <jan.melen@nomadiclab.com> Wed, 05 May 2010 16:29 UTC

Return-Path: <jan.melen@nomadiclab.com>
X-Original-To: hipsec@core3.amsl.com
Delivered-To: hipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id B17733A682E for <hipsec@core3.amsl.com>; Wed, 5 May 2010 09:29:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.001
X-Spam-Level:
X-Spam-Status: No, score=0.001 tagged_above=-999 required=5 tests=[BAYES_50=0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DhcShtxwoF-N for <hipsec@core3.amsl.com>; Wed, 5 May 2010 09:29:24 -0700 (PDT)
Received: from gw.nomadiclab.com (unknown [IPv6:2001:14b8:400:101::2]) by core3.amsl.com (Postfix) with ESMTP id C0A823A67B7 for <hipsec@ietf.org>; Wed, 5 May 2010 09:29:21 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by gw.nomadiclab.com (Postfix) with ESMTP id EB1E44E6DE; Wed, 5 May 2010 19:29:06 +0300 (EEST)
X-Virus-Scanned: amavisd-new at nomadiclab.com
Received: from gw.nomadiclab.com ([127.0.0.1]) by localhost (inside.nomadiclab.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GnlpKe932Hdu; Wed, 5 May 2010 19:29:05 +0300 (EEST)
Received: from smtp.nomadiclab.com (d146.nomadiclab.com [IPv6:2001:14b8:400:100::146]) by gw.nomadiclab.com (Postfix) with ESMTP id 9BED44E6D5; Wed, 5 May 2010 19:29:05 +0300 (EEST)
Received: from smtp.nomadiclab.com (localhost [127.0.0.1]) by smtp.nomadiclab.com (Postfix) with ESMTP id 6812510709C; Wed, 5 May 2010 19:29:05 +0300 (EEST)
Received: from [IPv6:::1] (n2.nomadiclab.com [IPv6:2001:14b8:400:101::2]) by smtp.nomadiclab.com (Postfix) with ESMTP id C544E107022; Wed, 5 May 2010 19:28:58 +0300 (EEST)
Mime-Version: 1.0 (Apple Message framework v1078)
Content-Type: text/plain; charset="us-ascii"
From: Jan Melen <jan.melen@nomadiclab.com>
In-Reply-To: <4BE02580.8060808@htt-consult.com>
Date: Wed, 05 May 2010 19:28:52 +0300
Content-Transfer-Encoding: quoted-printable
Message-Id: <5E24EE17-E367-4CA9-9453-EF3DFF264DFD@nomadiclab.com>
References: <4BDBD41E.5030107@ericsson.com> <4BDFE5B7.3020500@oracle.com> <4BE02580.8060808@htt-consult.com>
To: Robert Moskowitz <rgm@htt-consult.com>
X-Mailer: Apple Mail (2.1078)
X-Virus-Scanned: ClamAV using ClamSMTP
Cc: HIP <hipsec@ietf.org>
Subject: Re: [Hipsec] New HIP WG charter proposal
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 05 May 2010 16:29:32 -0000

Hi,

To me the new charter looks good. For referrals I don't see any big problems as mentioned already by Miika and Bob we have gained quite a bit experience on how much of an problem the referrals are and according to that experience there is only very few cases where they cannot be made to work, in all other cases the referrals can be resolved through mechanisms described by Bob.

Of course these are issues that need to be documented in architecture and DNS documents

   Regards,
    Jan

On May 4, 2010, at 4:47 PM, Robert Moskowitz wrote:

> On 05/04/2010 05:15 AM, Erik Nordmark wrote:
>> On 05/ 1/10 12:11 AM, Gonzalo Camarillo wrote:
>>> Hi,
>>> 
>>> as you know, we need to recharter the WG in order to move our specs to
>>> the standards track. I have put together a charter proposal (see
>>> attachment). Please, let me know if you have any comments on it.
>> 
>> What is the current state of handling applications that do referrals with HIP? Last time I looked there wasn't any useful support for this.
> 
> Here is pretty much what we have learned over the past many years...
> 
> If the referral is an IP address the following MAY occur:
> 
> If the app just issues an http://<addr>/<whatever> the HIP shim MAY perform an opportunistic HIP BEX and if successful proceed with the connection over HIP. If opportunistic failed or was not configured, then the connection will occur "open". That is without HIP.
> 
> If the app issues a reverse lookup on <addr> and retrieves a DNS HI record, then again, HIP would be used for the connection.
> 
> If the referral is a HIT, then the HIP shim would need some mechanism to perform the HIT to IP lookup. One would have to ASSuME that since a HIT was provided in a referral that a lookup mechanism was provided by the server and hopefully the client will use the 'right one'. One possiblity is DHT. Another is DNS. DNS reverse lookups of HITs is a problem, as they are flat within the ORCHID prefix (well flat within the new concept of HIT suites). This is where Hierarchical HITs MAY be of value.
> 
> So the short answer is: referrals work if the referral is an IP address. referrals MAY work if the referral is a HIT.
> 
>> 
>> I think preserving that part of the Internet architecture is important in whatever we put on the standards track.
> 
> We all think this and see regular cases where things work only sometimes. I feel that in HIP we have found that it makes more things work (like IPv4 dumb apps running over IPv6 networks) than it makes things hard.
> 
> Perhaps the abouve discussion can be captured in one of the HIP documents if it is already not there.
> 
> 
> _______________________________________________
> Hipsec mailing list
> Hipsec@ietf.org
> https://www.ietf.org/mailman/listinfo/hipsec

v2.29.0 | Report a Bug | By Email | System Status