[Hipsec-rg] Re: Native HIP API questions in the hipsec-rg meeting

shep@alum.mit.edu (Tim Shepard) Mon, 16 August 2004 09:28 UTC

From: shep@alum.mit.edu (Tim Shepard)
Date: Mon Aug 16 09:28:01 2004
Subject: [Hipsec-rg] Re: Native HIP API questions in the hipsec-rg meeting
In-Reply-To: Your message of Mon, 16 Aug 2004 15:48:20 +0300. <Pine.GSO.4.58.0408161501130.1778@kekkonen.cs.hut.fi>
Message-ID: <E1BwiUq-00079b-00@alva.home>

> > Tim Shepard:  What if no DNS?  Nervous about building in dependencies on
> > DNS.
> >
> > Julien:  use /etc/hosts.  Can fall back to opportunistic mode too.
> 
> The other alternative for DNS is the DHT, but it remains to be seen if we
> ever get there. In the meantime, we should rely on DNS, as there are no
> real alternatives currently available.
> 
> Maybe the resolver should support DHT queries too. With a new
> resolver, this should not be a problem. I'll have to look at this topic
> when I get my hands on a DHT DNS replacement implementation...
> 


What I mean is that it should be possible to install and use HIP in a
meaningful way without requiring that you get your site administrator
to update the DNS servers.  (If additional records in the DNS enhance
the usefulness and/or security of HIP, that's OK.)

I don't think SSH would have ever seen much deployment if in order to
use it you would have had to get special SSH keys distributed by the
DNS servers.  That would have made it as difficult to install and use
as the Kerberos-based encrypted rlogin (which I was using for many
years until ssh came along and made it so much easier).

The web would have never gotten very far if a new record type had to
be put in the DNS to support http.

			-Tim Shepard
			 shep@alum.mit.edu