IETF Logo Mail Archive

Re: [Hipsec] WGLC: draft-ietf-hip-reload-instance-00

"Henderson, Thomas R" <thomas.r.henderson@boeing.com> Mon, 01 March 2010 17:50 UTC

Return-Path: <thomas.r.henderson@boeing.com>
X-Original-To: hipsec@core3.amsl.com
Delivered-To: hipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id B241528C411 for <hipsec@core3.amsl.com>; Mon, 1 Mar 2010 09:50:19 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Level:
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZUcck50P67KO for <hipsec@core3.amsl.com>; Mon, 1 Mar 2010 09:50:18 -0800 (PST)
Received: from blv-smtpout-01.boeing.com (blv-smtpout-01.boeing.com [130.76.32.69]) by core3.amsl.com (Postfix) with ESMTP id 0685628C165 for <hipsec@ietf.org>; Mon, 1 Mar 2010 09:50:07 -0800 (PST)
Received: from blv-av-01.boeing.com (blv-av-01.boeing.com [130.247.48.231]) by blv-smtpout-01.ns.cs.boeing.com (8.14.4/8.14.4/8.14.4/SMTPOUT) with ESMTP id o21HnvM9014111 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL); Mon, 1 Mar 2010 09:49:58 -0800 (PST)
Received: from blv-av-01.boeing.com (localhost [127.0.0.1]) by blv-av-01.boeing.com (8.14.4/8.14.4/DOWNSTREAM_RELAY) with ESMTP id o21Hnv1c006758; Mon, 1 Mar 2010 09:49:57 -0800 (PST)
Received: from XCH-NWHT-10.nw.nos.boeing.com (xch-nwht-10.nw.nos.boeing.com [130.247.25.113]) by blv-av-01.boeing.com (8.14.4/8.14.4/UPSTREAM_RELAY) with ESMTP id o21Hnv2e006752 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=OK); Mon, 1 Mar 2010 09:49:57 -0800 (PST)
Received: from XCH-NW-10V.nw.nos.boeing.com ([130.247.25.83]) by XCH-NWHT-10.nw.nos.boeing.com ([130.247.25.113]) with mapi; Mon, 1 Mar 2010 09:49:57 -0800
From: "Henderson, Thomas R" <thomas.r.henderson@boeing.com>
To: 'Ari Keranen' <ari.keranen@nomadiclab.com>
Date: Mon, 01 Mar 2010 09:49:56 -0800
Thread-Topic: [Hipsec] WGLC: draft-ietf-hip-reload-instance-00
Thread-Index: Acq5Yg8qOyIOp18/TgeK86cAM/9wGwAAefZg
Message-ID: <7CC566635CFE364D87DC5803D4712A6C4C1F48A831@XCH-NW-10V.nw.nos.boeing.com>
References: <4B5F07F6.7080800@ericsson.com> <7CC566635CFE364D87DC5803D4712A6C4C1F48A7C0@XCH-NW-10V.nw.nos.boeing.com > <4B83F243.6070208@nomadiclab.com> <7CC566635CFE364D87DC5803D4712A6C4C1F48A7D1@XCH-NW-10V.nw.nos.boeing.com> <4B8689B0.50704@nomadiclab.com> <7CC566635CFE364D87DC5803D4712A6C4C1F48A7FF@XCH-NW-10V.nw.nos.boeing.com> <4B877153.10908@nomadiclab.com> <7CC566635CFE364D87DC5803D4712A6C4C1F48A81E@XCH-NW-10V.nw.nos.boeing.com> <4B8BF48E.2060301@nomadiclab.com>
In-Reply-To: <4B8BF48E.2060301@nomadiclab.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: HIP <hipsec@ietf.org>
Subject: Re: [Hipsec] WGLC: draft-ietf-hip-reload-instance-00
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 01 Mar 2010 17:50:20 -0000

> >
> > I think we should really explore this idea more but let's
> do so in the more RFC4423bis context as discussed in the
> other thread.  I wasn't objecting to the idea per se, but
> just that we should not slip it into this draft if it is not
> really recognized as a part of HIP today.
>
> Actually, we used to have a milestone about this in the
> charter, but it
> was removed last July when the WG's conclusion was that
> transformations
> would be context specific. So, this already is recognized as
> part of the
> HIP today.

Can you point me to a document that shows where this is recognized as part of HIP today?

>
> > I see pros and cons to non-ORCHID HITs:
> > - pro:  can be designed to be hierarchical or formatted as
> needed.  Can they even be IPv6 addresses?
> > - con:  HITs are no longer unique.  It is really the
> certificate which is the unique identifier.
> > It does seem more flexible and may have deployment
> advantages.  Does it solve the ACL problem with current HITs
> (that they are non-aggregatable)?  It could lead to
> aggregatable HITs but then the ACL will need to know the
> authorizing enrollment server for those HITs, and check CERTs.
>
> These questions are good to be explored on RFC4423bis, but we
> don't need
> the answers to proceed with the RELOAD instance spec, so I would not
> delay the instance spec by making it depend on RFC4423bis.
>
> Anyhow, we are not changing anything fundamental in HIP, and
> having this
> property we can make HIP meet the different requirements that people
> building overlays have.
>

I disagree that this changes anything fundamental:  RFC5201, section 3.1:
3.1.  Host Identity Tag (HIT)

   The Host Identity Tag is a 128-bit value -- a hashed encoding of the
   Host Identifier.

I am not opposed to relaxing this in principle but I do not recall that we have agreed on how to do this.

- Tom

v2.23.0 | Report a Bug | By Email