[Hipsec-rg] Re: Native HIP API questions in the hipsec-rg meeting
touch@ISI.EDU (Joe Touch) Tue, 17 August 2004 23:19 UTC
From: touch@ISI.EDU (Joe Touch)
Date: Tue Aug 17 23:19:05 2004
Subject: [Hipsec-rg] Re: Native HIP API questions in the hipsec-rg meeting
In-Reply-To: <E1BwrbV-0007LC-00@alva.home>
References: <E1BwrbV-0007LC-00@alva.home>
Message-ID: <41218763.60307@isi.edu>
Tim Shepard wrote:
>>See Tim's email. I agree with him that finding a way to use HIP without
>>a deployed DNS would be very useful. How do you bootstrap communication
>>if someone hands you just a HIT?
>
> You don't. When I hear that question (and I've heard it many times)
> it sounds to me like a question equivalent to:
>
> How do you bootstrap an ssh connection if someone hands you (only)
> the ssh host key of a machine?
>
> Another equivalent question might be:
>
> How am I supposed to be able to begin a postal correspondence with
> Alyssa P. Hacker when the only thing you've told me is her name?
>
> A referral requires a name *and* an address. I don't see any way
> around that. Directories can be useful, but no directory will ever
> have everything or everyone in it.

I always thought of HIP as having two uses:

1. given global IDs and a rendezvous IP address, start a connection with that ID via the rendezvous. either the rendezvous point forwards the connection request, or replies with further info on how to find that ID

2. given an initial IP address, go there and get an ID that is unique only to you and that end; allow the endpoints to move once established, based on keeping that ID

I always thought of HIP as focusing on (2); (1) is somewhat nonsensical, as Tim points out above.

Both end up requiring a rendezvous; (1) also requires global uniqueness of IDs and a global lookup infrastructure. (2) relies on the existing infrastructure (e.g., DNS) to get you to the rendezvous point, at which point the ID is between you and the other end, very much like a TCP ISN.
Joe