Re: [Hipsec] Fwd: New Version Notification for draft-moskowitz-hip-hierarchical-hit-00.txt

Robert Moskowitz <rgm@htt-consult.com> Thu, 12 September 2019 18:32 UTC

Return-Path: <rgm@htt-consult.com>
X-Original-To: hipsec@ietfa.amsl.com
Delivered-To: hipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EC10612086A for <hipsec@ietfa.amsl.com>; Thu, 12 Sep 2019 11:32:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jBg8vjKPmigv for <hipsec@ietfa.amsl.com>; Thu, 12 Sep 2019 11:32:07 -0700 (PDT)
Received: from z9m9z.htt-consult.com (z9m9z.htt-consult.com [23.123.122.147]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B6757120220 for <hipsec@ietf.org>; Thu, 12 Sep 2019 11:32:07 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by z9m9z.htt-consult.com (Postfix) with ESMTP id 740DE60D1B for <hipsec@ietf.org>; Thu, 12 Sep 2019 14:32:06 -0400 (EDT)
X-Virus-Scanned: amavisd-new at htt-consult.com
Received: from z9m9z.htt-consult.com ([127.0.0.1]) by localhost (z9m9z.htt-consult.com [127.0.0.1]) (amavisd-new, port 10024) with LMTP id J1lEVRWqVWDg for <hipsec@ietf.org>; Thu, 12 Sep 2019 14:32:00 -0400 (EDT)
Received: from lx140e.htt-consult.com (unknown [192.168.160.12]) (using TLSv1.2 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by z9m9z.htt-consult.com (Postfix) with ESMTPSA id 580FC6096F for <hipsec@ietf.org>; Thu, 12 Sep 2019 14:31:59 -0400 (EDT)
To: HIP <hipsec@ietf.org>
References: <865fea77-8441-c25b-8860-2be138459b01@htt-consult.com>
From: Robert Moskowitz <rgm@htt-consult.com>
Message-ID: <ea408d95-6101-0aca-4ce5-a7c7b491902b@htt-consult.com>
Date: Thu, 12 Sep 2019 14:31:53 -0400
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.8.0
MIME-Version: 1.0
In-Reply-To: <865fea77-8441-c25b-8860-2be138459b01@htt-consult.com>
Content-Type: multipart/alternative; boundary="------------C03A606804748F5770DF7070"
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/hipsec/Fof7j2qn85FvNMFDwQlTpMrFTjU>
Subject: Re: [Hipsec] Fwd: New Version Notification for draft-moskowitz-hip-hierarchical-hit-00.txt
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/hipsec/>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 12 Sep 2019 18:32:10 -0000

Some points about Hierarchical HITs.

The idea is not new.  See draft-moskowitz-hip-04 from 7/01.  One bit was 
used to identity Hierarchical HITs (HHITs) over flat HITs.

Since this concept was removed I am now faced with how to tell the 
difference in the HIT encoding?

HHITs use a different ORCHID construction.  Kind of violation the ORCHID 
rules.  Remains to be seen if it will take a direct addendum to ORCHID 
for this.  The HID is included with the HI in computing the ORCHID.  I 
often wondered if the HIT Suite should have been included.  Since it 
wasn't we do have to be careful in specifying HIT Suites so it is not 
possible to have identical BIT-level HIs for different HIT Suites.  I am 
not attempting to change this part; maybe I should.

So given a HIT in the wild (I1, or UAS RID broadcast), how do you know 
if it is a HHIT.  Instead of burning through HIT suites as I first 
thought in draft-moskowitz-hierarchical-hip, I am specifying a unique 
HIT prefix for HHITs.

If anyone can see any other way, please speak up.  Again, the ORCHID 
prefix is specified in the ORCHID RFC.  Will we best do an update to ORCHID?

Please chime in.

Bob

On 9/12/19 12:54 PM, Robert Moskowitz wrote:
> Hello all.
>
> Finally we are now funded to work on this project.  I am very unhappy 
> at what it took to get to this point.   Fortunately, I have been using 
> the time to put together some notes that I am quickly turning into drafts.
>
> So work on tm-rid is now open.  Two more drafts will be posted in the 
> next couple days.  I welcome reviews and comments.
>
> Also I will be working with the AD for time at IETF106.
>
> Bob
>
>
> -------- Forwarded Message --------
> Subject: 	New Version Notification for 
> draft-moskowitz-hip-hierarchical-hit-00.txt
> Date: 	Thu, 12 Sep 2019 09:49:01 -0700
> From: 	internet-drafts@ietf.org
> To: 	Stuart Card <stu.card@axenterprize.com>;, Adam Wiethuechter 
> <adam.wiethuechter@axenterprize.com>;, Robert Moskowitz 
> <rgm@labs.htt-consult.com>;, Stuart W. Card <stu.card@axenterprize.com>;
>
>
>
>
> A new version of I-D, draft-moskowitz-hip-hierarchical-hit-00.txt
> has been successfully submitted by Robert Moskowitz and posted to the
> IETF repository.
>
> Name: draft-moskowitz-hip-hierarchical-hit
> Revision: 00
> Title: Hierarchical HITs for HIPv2
> Document date: 2019-09-12
> Group: Individual Submission
> Pages: 9
> URL: 
> https://www.ietf.org/internet-drafts/draft-moskowitz-hip-hierarchical-hit-00.txt
> Status: 
> https://datatracker.ietf.org/doc/draft-moskowitz-hip-hierarchical-hit/
> Htmlized: 
> https://tools.ietf.org/html/draft-moskowitz-hip-hierarchical-hit-00
> Htmlized: 
> https://datatracker.ietf.org/doc/html/draft-moskowitz-hip-hierarchical-hit
>
>
> Abstract:
> This document describes using a hierarchical HIT to facilitate large
> deployments of managed devices. Hierarchical HITs differ from HIPv2
> flat HITs by only using 64 bits for mapping the Host Identity,
> freeing 32 bits to bind in a hierarchy of Registering Entities that
> provide services to the consumers of hierarchical HITs.
>
>
>
> Please note that it may take a couple of minutes from the time of 
> submission
> until the htmlized version and diff are available at tools.ietf.org.
>
> The IETF Secretariat
>
>
> _______________________________________________
> Hipsec mailing list
> Hipsec@ietf.org
> https://www.ietf.org/mailman/listinfo/hipsec