IETF Logo Mail Archive

Re: [Hipsec] WGLC: draft-ietf-hip-reload-instance-00

"Henderson, Thomas R" <thomas.r.henderson@boeing.com> Thu, 25 February 2010 16:46 UTC

Return-Path: <thomas.r.henderson@boeing.com>
X-Original-To: hipsec@core3.amsl.com
Delivered-To: hipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 0EE6928C36A for <hipsec@core3.amsl.com>; Thu, 25 Feb 2010 08:46:18 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.518
X-Spam-Level:
X-Spam-Status: No, score=-6.518 tagged_above=-999 required=5 tests=[AWL=0.081, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xm9t2MlNJjgH for <hipsec@core3.amsl.com>; Thu, 25 Feb 2010 08:46:17 -0800 (PST)
Received: from slb-smtpout-01.boeing.com (slb-smtpout-01.boeing.com [130.76.64.48]) by core3.amsl.com (Postfix) with ESMTP id 23D683A7EA2 for <hipsec@ietf.org>; Thu, 25 Feb 2010 08:46:17 -0800 (PST)
Received: from stl-av-01.boeing.com (stl-av-01.boeing.com [192.76.190.6]) by slb-smtpout-01.ns.cs.boeing.com (8.14.4/8.14.4/8.14.4/SMTPOUT) with ESMTP id o1PGmH70013512 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL); Thu, 25 Feb 2010 08:48:17 -0800 (PST)
Received: from stl-av-01.boeing.com (localhost [127.0.0.1]) by stl-av-01.boeing.com (8.14.4/8.14.4/DOWNSTREAM_RELAY) with ESMTP id o1PGmGdB015286; Thu, 25 Feb 2010 10:48:16 -0600 (CST)
Received: from XCH-NWHT-04.nw.nos.boeing.com (xch-nwht-04.nw.nos.boeing.com [130.247.64.250]) by stl-av-01.boeing.com (8.14.4/8.14.4/UPSTREAM_RELAY) with ESMTP id o1PGmGXj015238 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=OK); Thu, 25 Feb 2010 10:48:16 -0600 (CST)
Received: from XCH-NW-10V.nw.nos.boeing.com ([130.247.25.83]) by XCH-NWHT-04.nw.nos.boeing.com ([130.247.64.250]) with mapi; Thu, 25 Feb 2010 08:48:16 -0800
From: "Henderson, Thomas R" <thomas.r.henderson@boeing.com>
To: 'Ari Keranen' <ari.keranen@nomadiclab.com>
Date: Thu, 25 Feb 2010 08:48:16 -0800
Thread-Topic: [Hipsec] WGLC: draft-ietf-hip-reload-instance-00
Thread-Index: Acq2JzLhh6/Txc2jQwOtpqdKeIgPsQADz5wg
Message-ID: <7CC566635CFE364D87DC5803D4712A6C4C1F48A7FF@XCH-NW-10V.nw.nos.boeing.com>
References: <4B5F07F6.7080800@ericsson.com> <7CC566635CFE364D87DC5803D4712A6C4C1F48A7C0@XCH-NW-10V.nw.nos.boeing.com> <4B83F243.6070208@nomadiclab.com> <7CC566635CFE364D87DC5803D4712A6C4C1F48A7D1@XCH-NW-10V.nw.nos.boeing.com> <4B8689B0.50704@nomadiclab.com>
In-Reply-To: <4B8689B0.50704@nomadiclab.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: HIP <hipsec@ietf.org>
Subject: Re: [Hipsec] WGLC: draft-ietf-hip-reload-instance-00
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 25 Feb 2010 16:46:18 -0000

> >
> > When you say "In the other Peer ID mode, namely "RELOAD",..." which
> > case do you mean?  Just the self-generated case?  If it is the
> > centralized case, the Node IDs can't be used as HITs, and then the
> > Node IDs and the HITs are not related to one another and need to be
> > bound by some kind of certificate framework.  This is what I think
> > section 5.6.1.1 of the base draft refers to.  Or am I
> > misunderstanding something?
>
> We mean both cases.  I'm sorry but I don't follow why couldn't the
> non-ORCHID Node IDs be used as "HITs" (i.e., in the HIP header, VIA
> lists and certificates) in the centralized case?
>

Let's say that the enrollment server allocates the first node the Node ID of "0", the second node a Node ID of "1" etc.  Are you suggesting that these values are used as HITs?

I raised this issue in another thread yesterday, but it seems to me that a central idea in the HIP architecture is that the HIT is the hash of the public key of a public/private key pair and that the host holds the private key.  I don't believe we've talked before about the possibility that the HI and HIT are not related cryptographically.

- Tom

v2.23.0 | Report a Bug | By Email