Re: [Hipsec] HIP-based anycast

Julien Laganier <julien.ietf@gmail.com> Thu, 28 March 2013 23:36 UTC

To: Miika Komu <mkomu@cs.hut.fi>
Cc: hip WG <hipsec@ietf.org>
In-Reply-To: <50B48A1A.1080609@cs.hut.fi>

Hi,

HIP anycast would need a HIT to identify the members of the anycast
group, wouldn't it?

So why not have a key pair generated for the group, and let the HIT
derived from the public key be the anycast HIT? One could then use the
group anycast key pair to sign authorization certificates granting
membership in the group. A similar concept has been explored for IPv6
multicast and anycast groups in:

Castelluccia, C. and Montenegro, G. 2003. Securing group management in
IPv6 with cryptographically generated addresses. In The Eighth IEEE
Symposium on Computers and Communications (ISCC'2003).

--julien

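The group-key scheme sketched in the message above, as an added worked example in Go. This is not code from the original mail, from the cited paper, or from any HIP implementation. It derives an ORCHIDv2-style HIT from a group public key, issues a membership certificate signed with the group private key, and verifies that a claimant holds a valid certificate for the anycast HIT. Assumptions not in the text: ECDSA P-256 with HIT Suite ID 2 (ECDSA/SHA-384) from RFC 7401; the Host Identity input to the hash is the raw uncompressed curve point rather than RFC 7401's HOST_ID wire encoding; and the certificate format (fixed-width fields, a validity window, no revocation) is invented for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha512"
	"encoding/binary"
	"errors"
	"fmt"
	"net"
	"time"
)

// HIP context ID used by ORCHIDv2 HIT generation (RFC 7343 / RFC 7401).
var hipContextID = [16]byte{0xF0, 0xEF, 0xF0, 0x2F, 0xBF, 0xF4, 0x3D, 0x0F,
	0xE7, 0x93, 0x0C, 0x3C, 0x6E, 0x61, 0x74, 0xEA}

// HIT Suite ID 2 = ECDSA/SHA-384 (RFC 7401), carried as the 4-bit OGA ID.
const hitSuiteECDSASHA384 = 2

// hiBytes is the Host Identity fed to the hash. Assumption: the uncompressed
// P-256 point; the RFC 7401 HOST_ID encoding is deliberately not reproduced.
func hiBytes(pub *ecdsa.PublicKey) []byte {
	x, y := make([]byte, 32), make([]byte, 32)
	pub.X.FillBytes(x)
	pub.Y.FillBytes(y)
	return append(append([]byte{0x04}, x...), y...)
}

// DeriveHIT builds an ORCHIDv2 HIT: 28-bit prefix 2001:20::/28, 4-bit OGA ID,
// then the middle 96 bits of SHA-384(ContextID | HI).
func DeriveHIT(pub *ecdsa.PublicKey) [16]byte {
	in := append(append(make([]byte, 0, 16+65), hipContextID[:]...), hiBytes(pub)...)
	h := sha512.Sum384(in)
	var hit [16]byte
	hit[0], hit[1], hit[2] = 0x20, 0x01, 0x00
	hit[3] = 0x20 | hitSuiteECDSASHA384
	copy(hit[4:], h[18:30]) // middle 96 bits of the 384-bit digest
	return hit
}

// MembershipCert is the authorization the group key issues to one member
// (illustrative format, not a HIP CERT parameter).
type MembershipCert struct {
	GroupHIT  [16]byte // anycast HIT membership is granted in
	MemberHIT [16]byte // HIT of the admitted host
	NotBefore int64    // Unix seconds
	NotAfter  int64
	Sig       []byte // ASN.1 ECDSA signature over tbs()
}

// tbs is the to-be-signed encoding: fixed-width fields, so it is unambiguous.
func (c *MembershipCert) tbs() []byte {
	var ts [16]byte
	binary.BigEndian.PutUint64(ts[:8], uint64(c.NotBefore))
	binary.BigEndian.PutUint64(ts[8:], uint64(c.NotAfter))
	return append(append(append([]byte{}, c.GroupHIT[:]...), c.MemberHIT[:]...), ts[:]...)
}

// IssueMembership signs a certificate admitting memberPub into the group.
func IssueMembership(groupKey *ecdsa.PrivateKey, memberPub *ecdsa.PublicKey, notBefore, notAfter time.Time) (*MembershipCert, error) {
	c := &MembershipCert{GroupHIT: DeriveHIT(&groupKey.PublicKey), MemberHIT: DeriveHIT(memberPub),
		NotBefore: notBefore.Unix(), NotAfter: notAfter.Unix()}
	digest := sha512.Sum384(c.tbs())
	sig, err := ecdsa.SignASN1(rand.Reader, groupKey, digest[:])
	if err != nil {
		return nil, err
	}
	c.Sig = sig
	return c, nil
}

// VerifyMembership checks that claimantPub may answer for anycastHIT. The key
// binding comes from the HIT itself: the presented group key must hash to it.
func VerifyMembership(anycastHIT [16]byte, groupPub, claimantPub *ecdsa.PublicKey, c *MembershipCert, now time.Time) error {
	if DeriveHIT(groupPub) != anycastHIT {
		return errors.New("presented group key does not hash to the anycast HIT")
	}
	if c.GroupHIT != anycastHIT {
		return errors.New("certificate is for a different group")
	}
	if c.MemberHIT != DeriveHIT(claimantPub) {
		return errors.New("certificate was not issued to the claimant")
	}
	if t := now.Unix(); t < c.NotBefore || t > c.NotAfter {
		return errors.New("certificate outside its validity period")
	}
	digest := sha512.Sum384(c.tbs())
	if !ecdsa.VerifyASN1(groupPub, digest[:], c.Sig) {
		return errors.New("signature not made by the group key")
	}
	return nil
}

func main() {
	group, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	member, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	anycast := DeriveHIT(&group.PublicKey)
	fmt.Println("anycast HIT:", net.IP(anycast[:]).String())
	now := time.Now()
	c, _ := IssueMembership(group, &member.PublicKey, now.Add(-time.Hour), now.Add(24*time.Hour))
	fmt.Println("member accepted:", VerifyMembership(anycast, &group.PublicKey, &member.PublicKey, c, now) == nil)
}
```

The verification order matters: checking that the presented group key hashes to the anycast HIT comes first, because that is the only thing tying a certificate to the HIT an initiator actually dialed. Without it, anyone could generate a key, sign a "membership" certificate, and claim the anycast HIT. Revocation and rotation of the group key (which changes the HIT) are left out here and would need their own design.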

On Tue, Nov 27, 2012 at 1:38 AM, Miika Komu <mkomu@cs.hut.fi> wrote:
> Hi,
>
> opportunistic mode with the help of a rendezvous server could be used for
> implementing HIP-based anycast. The current RVS specification does not allow
> this:
>
> http://tools.ietf.org/html/draft-ietf-hip-rfc5204-bis-02
>
> 4.3.1. Processing Outgoing I1 Packets
>
>    An initiator SHOULD NOT send an opportunistic I1 with a NULL
>    destination HIT to an IP address that is known to be a rendezvous
>    server address, unless it wants to establish a HIP association with
>    the rendezvous server itself and does not know its HIT.
>
> I think we could specify either a flag in the base exchange or alternatively
> a special HIT encoding for the "NULL" destination HIT in the I1. What do you
> think?
> _______________________________________________
> Hipsec mailing list
> Hipsec@ietf.org
> https://www.ietf.org/mailman/listinfo/hipsec